diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 87e3ab8e39..e4f4d3a06c 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -4,7 +4,7 @@ description: Learn about the ADMX-backed policies in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/30/2022 +ms.date: 12/07/2022 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -2927,6 +2927,7 @@ This article lists the ADMX-backed policies in Policy CSP. - [ConfigureRpcListenerPolicy](policy-csp-printers.md) - [ConfigureRpcConnectionPolicy](policy-csp-printers.md) - [ConfigureRpcTcpPort](policy-csp-printers.md) +- [ConfigureRpcAuthnLevelPrivacyEnabled](policy-csp-printers.md) - [ConfigureIppPageCountsPolicy](policy-csp-printers.md) - [ConfigureRedirectionGuardPolicy](policy-csp-printers.md) @@ -2987,6 +2988,7 @@ This article lists the ADMX-backed policies in Policy CSP. ## SettingsSync - [DisableAccessibilitySettingSync](policy-csp-settingssync.md) +- [DisableLanguageSettingSync](policy-csp-settingssync.md) ## Storage diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index 98bd07aa66..6c10428c97 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md @@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/30/2022 +ms.date: 12/07/2022 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -317,12 +317,14 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [DOMinBatteryPercentageAllowedToUpload](policy-csp-deliveryoptimization.md) - [DOCacheHost](policy-csp-deliveryoptimization.md) - [DOCacheHostSource](policy-csp-deliveryoptimization.md) +- [DODisallowCacheServerDownloadsOnVPN](policy-csp-deliveryoptimization.md) - [DOGroupIdSource](policy-csp-deliveryoptimization.md) - [DODelayBackgroundDownloadFromHttp](policy-csp-deliveryoptimization.md) - [DODelayForegroundDownloadFromHttp](policy-csp-deliveryoptimization.md) - [DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md) - [DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md) - [DORestrictPeerSelectionBy](policy-csp-deliveryoptimization.md) +- [DOVpnKeywords](policy-csp-deliveryoptimization.md) ## DeviceGuard @@ -877,6 +879,7 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [NotifyMalicious](policy-csp-webthreatdefense.md) - [NotifyPasswordReuse](policy-csp-webthreatdefense.md) - [NotifyUnsafeApp](policy-csp-webthreatdefense.md) +- [CaptureThreatWindow](policy-csp-webthreatdefense.md) ## Wifi diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 283417da87..03c3eb3bb2 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4,7 +4,7 @@ description: Learn more about the Policy CSP author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/22/2022 +ms.date: 12/07/2022 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -94,6 +94,7 @@ The following example shows the Policy configuration service provider in tree fo + Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value,) the configuration source can use the Policy/Result path to retrieve the resulting value. @@ -132,7 +133,8 @@ Node for grouping all policies configured by one source. The configuration sourc -The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. + +The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. @@ -171,7 +173,8 @@ The area group that can be configured by a single technology for a single provid -Specifies the name/value pair used in the policy. See the individual Area DDFs for more information about the policies available to configure. + +Specifies the name/value pair used in the policy. See the individual Area DDFs for more information about the policies available to configure. @@ -218,6 +221,7 @@ The following list shows some tips to help you when configuring policies: + The root node for grouping different configuration operations. 
@@ -256,6 +260,7 @@ The root node for grouping different configuration operations. + Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. ADMX files that have been installed by using ConfigOperations/ADMXInstall can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}. @@ -298,6 +303,7 @@ Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported + Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file. @@ -337,6 +343,7 @@ Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX f + Setting Type of Win32 App. Policy Or Preference @@ -376,6 +383,7 @@ Setting Type of Win32 App. Policy Or Preference + Unique ID of ADMX file @@ -415,6 +423,7 @@ Unique ID of ADMX file + Properties of Win32 App ADMX Ingestion @@ -453,6 +462,7 @@ Properties of Win32 App ADMX Ingestion + Setting Type of Win32 App. Policy Or Preference @@ -492,6 +502,7 @@ Setting Type of Win32 App. Policy Or Preference + Unique ID of ADMX file 
@@ -531,7 +542,8 @@ Unique ID of ADMX file -Version of ADMX file. This can be set by the server to keep a record of the versioning of the ADMX file ingested by the device. + +Version of ADMX file. This can be set by the server to keep a record of the versioning of the ADMX file ingested by the device. @@ -569,6 +581,7 @@ Version of ADMX file. This can be set by the server to keep a record of the ver + Groups the evaluated policies from all providers that can be configured. @@ -607,6 +620,7 @@ Groups the evaluated policies from all providers that can be configured. + The area group that can be configured by a single technology independent of the providers. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. @@ -646,6 +660,7 @@ The area group that can be configured by a single technology independent of the + Specifies the name/value pair used in the policy. See the individual Area DDFs for more information about the policies available to configure. @@ -685,6 +700,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f + Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value,) the configuration source can use the Policy/Result path to retrieve the resulting value. 
@@ -723,7 +739,8 @@ Node for grouping all policies configured by one source. The configuration sourc -The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. + +The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. @@ -770,7 +787,8 @@ The following list shows some tips to help you when configuring policies: -Specifies the name/value pair used in the policy. See the individual Area DDFs for more information about the policies available to configure. + +Specifies the name/value pair used in the policy. See the individual Area DDFs for more information about the policies available to configure. @@ -809,6 +827,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs + Groups the evaluated policies from all providers that can be configured. @@ -847,6 +866,7 @@ Groups the evaluated policies from all providers that can be configured. + The area group that can be configured by a single technology independent of the providers. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured. @@ -886,6 +906,7 @@ The area group that can be configured by a single technology independent of the + Specifies the name/value pair used in the policy. See the individual Area DDFs for more information about the policies available to configure. 
@@ -1073,7 +1094,6 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f - [Browser](policy-csp-browser.md) - [Camera](policy-csp-camera.md) - [Cellular](policy-csp-cellular.md) -- [CloudDesktop](policy-csp-clouddesktop.md) - [CloudPC](policy-csp-cloudpc.md) - [Connectivity](policy-csp-connectivity.md) - [ControlPolicyConflict](policy-csp-controlpolicyconflict.md) diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index d736b16a60..6d510df4ba 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -1,188 +1,251 @@ --- -title: Policy CSP - SmartScreen -description: Use the Policy CSP - SmartScreen setting to allow IT Admins to control whether users are allowed to install apps from places other than the Store. +title: SmartScreen Policy CSP +description: Learn more about the SmartScreen Area in Policy CSP +author: vinaypamnani-msft +manager: aaroncz ms.author: vinpa -ms.topic: article +ms.date: 12/07/2022 +ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage -author: vinaypamnani-msft -ms.localizationpriority: medium -ms.date: 09/27/2019 -ms.reviewer: -manager: aaroncz +ms.topic: reference --- + + + # Policy CSP - SmartScreen + + + -
+ +## EnableAppInstallControl - -## SmartScreen policies + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | + -
-
- SmartScreen/EnableAppInstallControl -
-
- SmartScreen/EnableSmartScreenInShell -
-
- SmartScreen/PreventOverrideForFilesInShell -
-
+ +```Device +./Device/Vendor/MSFT/Policy/Config/SmartScreen/EnableAppInstallControl +``` + + + +App Install Control is a feature of Windows Defender SmartScreen that helps protect PCs by allowing users to install apps only from the Store. SmartScreen must be enabled for this feature to work properly. -
+If you enable this setting, you must choose from the following behaviors: - -**SmartScreen/EnableAppInstallControl** +- Turn off app recommendations - +- Show me app recommendations -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| +- Warn me before installing apps from outside the Store - -
+- Allow apps from Store only - -[Scope](./policy-configuration-service-provider.md#policy-scope): +If you disable or don't configure this setting, users will be able to install apps from anywhere, including files downloaded from the Internet. + -> [!div class = "checklist"] -> * Device + + +> [!NOTE] +> This policy will block installation only while the device is online. To block offline installation too, **SmartScreen/PreventOverrideForFilesInShell** and **SmartScreen/EnableSmartScreenInShell** policies should also be enabled. +> +> This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet. + -
+ +**Description framework properties**: - - -Allows IT Admins to control whether users are allowed to install apps from places other than the Store. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + -> [!Note] -> This policy will block installation only while the device is online. To block offline installation too, **SmartScreen/PreventOverrideForFilesInShell** and **SmartScreen/EnableSmartScreenInShell** policies should also be enabled.

This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet. + +**Allowed values**: - - -ADMX Info: -- GP Friendly name: *Configure App Install Control* -- GP name: *ConfigureAppInstallControl* -- GP path: *Windows Components/Windows Defender SmartScreen/Explorer* -- GP ADMX file name: *SmartScreen.admx* +| Value | Description | +|:--|:--| +| 0 (Default) | Turns off Application Installation Control, allowing users to download and install files from anywhere on the web. | +| 1 | Turns on Application Installation Control, allowing users to only install apps from the Store. | + - - -The following list shows the supported values: + +**Group policy mapping**: -- 0 – Turns off Application Installation Control, allowing users to download and install files from anywhere on the web. -- 1 – Turns on Application Installation Control, allowing users to only install apps from the Store. +| Name | Value | +|:--|:--| +| Name | ConfigureAppInstallControl | +| Friendly Name | Configure App Install Control | +| Location | Computer Configuration | +| Path | Windows Components > Windows Defender SmartScreen > Explorer | +| Registry Key Name | Software\Policies\Microsoft\Windows Defender\SmartScreen | +| Registry Value Name | ConfigureAppInstallControlEnabled | +| ADMX File Name | SmartScreen.admx | + - - + + + -


+ - -**SmartScreen/EnableSmartScreenInShell** + +## EnableSmartScreenInShell - + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | + -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + +```Device +./Device/Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell +``` + - -
+ + +This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. - -[Scope](./policy-configuration-service-provider.md#policy-scope): +Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. -> [!div class = "checklist"] -> * Device +If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options: -
+• Warn and prevent bypass +• Warn - - -Allows IT Admins to configure SmartScreen for Windows. +If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. - - -ADMX Info: -- GP Friendly name: *Configure Windows Defender SmartScreen* -- GP name: *ShellConfigureSmartScreen* -- GP path: *Windows Components/Windows Defender SmartScreen/Explorer* -- GP ADMX file name: *SmartScreen.admx* +If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app. - - -The following list shows the supported values: +If you disable this policy, SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from the Internet. -- 0 – Turns off SmartScreen in Windows. -- 1 – Turns on SmartScreen in Windows. +If you do not configure this policy, SmartScreen will be enabled by default, but users may change their settings. + - - + + + -
+ +**Description framework properties**: - -**SmartScreen/PreventOverrideForFilesInShell** +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + - + +**Allowed values**: -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| +| Value | Description | +|:--|:--| +| 0 | Disabled. | +| 1 (Default) | Enabled. | + - -
+ +**Group policy mapping**: - -[Scope](./policy-configuration-service-provider.md#policy-scope): +| Name | Value | +|:--|:--| +| Name | ShellConfigureSmartScreen | +| Friendly Name | Configure Windows Defender SmartScreen | +| Location | Computer Configuration | +| Path | Windows Components > Windows Defender SmartScreen > Explorer | +| Registry Key Name | Software\Policies\Microsoft\Windows\System | +| Registry Value Name | EnableSmartScreen | +| ADMX File Name | SmartScreen.admx | + -> [!div class = "checklist"] -> * Device + + + -
+ - - + +## PreventOverrideForFilesInShell + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell +``` + + + + Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files. + - - -ADMX Info: -- GP Friendly name: *Configure Windows Defender SmartScreen* -- GP name: *ShellConfigureSmartScreen* -- GP element: *ShellConfigureSmartScreen_Dropdown* -- GP path: *Windows Components/Windows Defender SmartScreen/Explorer* -- GP ADMX file name: *SmartScreen.admx* + + + - - -The following list shows the supported values: + +**Description framework properties**: -- 0 – Employees can ignore SmartScreen warnings and run malicious files. -- 1 – Employees cannot ignore SmartScreen warnings and run malicious files. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - - -
+ +**Allowed values**: - +| Value | Description | +|:--|:--| +| 0 (Default) | Do not prevent override. | +| 1 | Prevent override. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | ShellConfigureSmartScreen | +| Friendly Name | Configure Windows Defender SmartScreen | +| Element Name | Pick one of the following settings | +| Location | Computer Configuration | +| Path | Windows Components > Windows Defender SmartScreen > Explorer | +| Registry Key Name | Software\Policies\Microsoft\Windows\System | +| ADMX File Name | SmartScreen.admx | + + + + + + + + + + + + + + +## Related articles + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 939f3e2ac9..2a3fa4504c 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1,1615 +1,2127 @@ --- -title: Policy CSP - System -description: Learn policy settings that determine whether users can access the Insider build controls in the advanced options for Windows Update. +title: System Policy CSP +description: Learn more about the System Area in Policy CSP +author: vinaypamnani-msft +manager: aaroncz ms.author: vinpa -ms.topic: article +ms.date: 12/07/2022 +ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage -author: vinaypamnani-msft -ms.localizationpriority: medium -ms.date: 08/26/2021 -ms.reviewer: -manager: aaroncz +ms.topic: reference --- + + + # Policy CSP - System -
+> [!TIP] +> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - -## System policies + + + -
-
- System/AllowBuildPreview -
-
- System/AllowCommercialDataPipeline -
-
- System/AllowDesktopAnalyticsProcessing -
-
- System/AllowDeviceNameInDiagnosticData -
-
- System/AllowEmbeddedMode -
-
- System/AllowExperimentation -
-
- System/AllowFontProviders -
-
- System/AllowLocation -
-
- System/AllowMicrosoftManagedDesktopProcessing -
-
- System/AllowStorageCard -
-
- System/AllowTelemetry -
-
- System/AllowUpdateComplianceProcessing -
-
- System/AllowUserToResetPhone -
-
- System/AllowWUfBCloudProcessing -
-
- System/BootStartDriverInitialization -
-
- System/ConfigureMicrosoft365UploadEndpoint -
-
- System/ConfigureTelemetryOptInChangeNotification -
-
- System/ConfigureTelemetryOptInSettingsUx -
-
- System/DisableDeviceDelete -
-
- System/DisableDiagnosticDataViewer -
-
- System/DisableEnterpriseAuthProxy -
-
- System/DisableOneDriveFileSync -
-
- System/DisableSystemRestore -
-
- System/FeedbackHubAlwaysSaveDiagnosticsLocally -
-
- System/LimitDiagnosticLogCollection -
-
- System/LimitDumpCollection -
-
- System/LimitEnhancedDiagnosticDataWindowsAnalytics -
-
- System/TelemetryProxy -
-
- System/TurnOffFileHistory -
-
+ +## AllowBuildPreview + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | + -
+ +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowBuildPreview +``` + - -**System/AllowBuildPreview** + + +This policy setting determines whether users can get preview builds of Windows, by configuring controls in Settings > Update and security > Windows Insider Program. - -The table below shows the applicability of Windows: +If you enable or do not configure this policy setting, users can download and install preview builds of Windows by configuring Windows Insider Program settings. -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| +If you disable this policy setting, Windows Insider Program settings will be unavailable to users through the Settings app. - -
+This policy is only supported up to Windows 10, Version 1703. Please use 'Manage preview builds' under 'Windows Update for Business' for newer Windows 10 versions. + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + + + -> [!div class = "checklist"] -> * Device + +**Description framework properties**: -
+| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 2 | + - - + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. The item "Get Insider builds" is unavailable, users are unable to make their devices available for preview software. | +| 1 | Allowed. Users can make their devices available for downloading and installing preview software. | +| 2 (Default) | Not configured. Users can make their devices available for downloading and installing preview software. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | AllowBuildPreview | +| Friendly Name | Toggle user control over Insider builds | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\PreviewBuilds | +| Registry Value Name | AllowBuildPreview | +| ADMX File Name | AllowBuildPreview.admx | + + + + + + + + + +## AllowCommercialDataPipeline + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline +``` + + + + +AllowCommercialDataPipeline configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at . +To enable this behavior: +1. Enable this policy setting +2. Join an Azure Active Directory account to the device + +Windows diagnostic data is collected when the Allow Telemetry policy setting is set to value 1 - Required or above. Configuring this setting does not change the Windows diagnostic data collection level set for the device +If you disable or do not configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft's privacy statement at unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing”. +See the documentation at for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data. + + + + > [!NOTE] -> This policy setting applies only to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. +> Configuring this setting doesn't affect the operation of optional analytics processor services like Desktop Analytics and Windows Update for Business reports. + -This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under "Get Insider builds," and enable users to make their devices available for downloading and installing Windows preview software. + +**Description framework properties**: -If you enable or don't configure this policy setting, users can download and install Windows preview software on their devices. 
If you disable this policy setting, the item "Get Insider builds" will be unavailable. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - - -ADMX Info: -- GP Friendly name: *Toggle user control over Insider builds* -- GP name: *AllowBuildPreview* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *AllowBuildPreview.admx* + +**Allowed values**: - - -The following list shows the supported values: +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 1 | Enabled. | + -- 0 – Not allowed. The item "Get Insider builds" is unavailable, users are unable to make their devices available for preview software. -- 1 – Allowed. Users can make their devices available for downloading and installing preview software. -- 2 (default) – Not configured. Users can make their devices available for downloading and installing preview software. + +**Group policy mapping**: - - +| Name | Value | +|:--|:--| +| Name | AllowCommercialDataPipeline | +| Friendly Name | Allow commercial data pipeline | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + -
+ + + - -**System/AllowCommercialDataPipeline** + - -The table below shows the applicability of Windows: + +## AllowDesktopAnalyticsProcessing -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763.1217] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.836] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + - -
+ +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowDesktopAnalyticsProcessing +``` + - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting configures an Azure Active Directory-joined device, so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering). - -To enable this behavior, you must complete two steps: - - 1. Enable this policy setting. - 2. Join an Azure Active Directory account to the device. - -Windows diagnostic data is collected when the Allow Telemetry policy setting is set to 1 – **Required (Basic)** or above. - -If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s [privacy statement](https://go.microsoft.com/fwlink/?LinkId=521839) unless you have enabled policies like Allow Update Compliance Processing or Allow Desktop Analytics Processing. - -Configuring this setting doesn't change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Update Compliance. - -See the documentation at [ConfigureWDD](https://aka.ms/ConfigureWDD) for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data. - - - -ADMX Info: -- GP Friendly name: *Allow commercial data pipeline* -- GP name: *AllowCommercialDataPipeline* -- GP element: *AllowCommercialDataPipeline* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* - - - -The following list shows the supported values: - -- 0 (default) - Disabled. -- 1 - Enabled. - - - - - - - - - - -
- - -**System/AllowDesktopAnalyticsProcessing** - - - - -This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID policy settings, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering). - -To enable this behavior, you must complete three steps: - - 1. Enable this policy setting. - 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above. - 3. Set the Configure the Commercial ID setting for your Desktop Analytics workspace. - -This setting has no effect on devices, unless they're properly enrolled in Desktop Analytics. + + +This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the Product Terms at . +To enable this behavior: +1. Enable this policy setting +2. Join an Azure Active Directory account to the device +3. Set Allow Telemetry to value 1 - Required, or higher +4. Set the Configure the Commercial ID setting for your Desktop Analytics workspace When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. +This setting has no effect on devices unless they are properly enrolled in Desktop Analytics. If you disable this policy setting, devices will not appear in Desktop Analytics. + -If you disable or don't configure this policy setting, devices won't appear in Desktop Analytics. + + + -The following list shows the supported values: + +**Description framework properties**: -- 0 (default) – Disabled. -- 2 – Allowed. 
+| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + +**Allowed values**: - +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 2 | Allowed. | + -
+ +**Group policy mapping**: - -**System/AllowDeviceNameInDiagnosticData** +| Name | Value | +|:--|:--| +| Name | AllowDesktopAnalyticsProcessing | +| Friendly Name | Allow Desktop Analytics Processing | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + - -The table below shows the applicability of Windows: + + + -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + - -
+ +## AllowDeviceNameInDiagnosticData - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | + -> [!div class = "checklist"] -> * Device + +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowDeviceNameInDiagnosticData +``` + -
+ + +This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. - - -This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or don't configure this policy setting, then device name won't be sent to Microsoft as part of Windows diagnostic data. +If you disable or do not configure this policy setting, then device name will not be sent to Microsoft as part of Windows diagnostic data. + - - -ADMX Info: -- GP Friendly name: *Allow device name to be sent in Windows diagnostic data* -- GP name: *AllowDeviceNameInDiagnosticData* -- GP element: *AllowDeviceNameInDiagnosticData* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* + + + - - -The following list shows the supported values: + +**Description framework properties**: -- 0 (default) – Disabled. -- 1 – Allowed. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - - + +**Allowed values**: - - +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 1 | Allowed. | + - - + +**Group policy mapping**: -
+| Name | Value | +|:--|:--| +| Name | AllowDeviceNameInDiagnosticData | +| Friendly Name | Allow device name to be sent in Windows diagnostic data | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + - -**System/AllowEmbeddedMode** + + + - -The table below shows the applicability of Windows: + -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + +## AllowEmbeddedMode - -
+ +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowEmbeddedMode +``` + -> [!div class = "checklist"] -> * Device + + +Specifies whether set general purpose device to be in embedded mode. Most restricted value is 0. + -
+ + + - - -Specifies whether set general purpose device to be in embedded mode. + +**Description framework properties**: -Most restricted value is 0. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - - -The following list shows the supported values: + +**Allowed values**: -- 0 (default) – Not allowed. -- 1 – Allowed. +| Value | Description | +|:--|:--| +| 0 (Default) | Not allowed. | +| 1 | Allowed. | + - - + + + -
+ - -**System/AllowExperimentation** + +## AllowExperimentation - -The table below shows the applicability of Windows: + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | + -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowExperimentation +``` + - -
+ + +NoteThis policy is not supported in Windows 10, version 1607. This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior. Most restricted value is 0. + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + + + -> [!div class = "checklist"] -> * Device + +**Description framework properties**: -
+| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + - - -> [!NOTE] -> This policy isn't supported in Windows 10, version 1607. + +**Allowed values**: -This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior. +| Value | Description | +|:--|:--| +| 0 | Disabled. | +| 1 (Default) | Permits Microsoft to configure device settings only. | +| 2 | Allows Microsoft to conduct full experimentation. | + -Most restricted value is 0. + + + - - -The following list shows the supported values: + -- 0 – Disabled. -- 1 (default) – Permits Microsoft to configure device settings only. -- 2 – Allows Microsoft to conduct full experimentation. + +## AllowFontProviders - - + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | + -
+ +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowFontProviders +``` + - -**System/AllowFontProviders** + + +This policy setting determines whether Windows is allowed to download fonts and font catalog data from an online font provider. - -The table below shows the applicability of Windows: +If you enable this policy setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| +If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts. - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows doesn't connect to an online font provider and only enumerates locally installed fonts. +If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. + + + This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value isn't set by default, so the default behavior is true (enabled). This setting is used by lower-level components for text display and fond handling and hasn't direct effect on web browsers, which may download web fonts used in web content. > [!NOTE] > Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service. + - - -ADMX Info: -- GP Friendly name: *Enable Font Providers* -- GP name: *EnableFontProviders* -- GP path: *Network/Fonts* -- GP ADMX file name: *GroupPolicy.admx* + +**Description framework properties**: - - -The following list shows the supported values: +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + -- 0 - false - No traffic to fs.microsoft.com, and only locally installed fonts are available. 
-- 1 - true (default) - There may be network traffic to fs.microsoft.com, and downloadable fonts are available to apps that support them. + +**Allowed values**: - - -To verify if System/AllowFontProviders is set to true: +| Value | Description | +|:--|:--| +| 0 | Not allowed. No traffic to fs.microsoft.com and only locally installed fonts are available. | +| 1 (Default) | Allowed. There may be network traffic to fs.microsoft.com and downloadable fonts are available to apps that support them. | + -- After a client machine is rebooted, check whether there's any network traffic from client machine to fs.microsoft.com. + +**Group policy mapping**: - - +| Name | Value | +|:--|:--| +| Name | EnableFontProviders | +| Friendly Name | Enable Font Providers | +| Location | Computer Configuration | +| Path | Network > Fonts | +| Registry Key Name | Software\Policies\Microsoft\Windows\System | +| Registry Value Name | EnableFontProviders | +| ADMX File Name | GroupPolicy.admx | + -
+ + + - -**System/AllowLocation** + - -The table below shows the applicability of Windows: + +## AllowLocation -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | + - -
+ +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowLocation +``` + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + + +Specifies whether to allow app access to the Location service. Most restricted value is 0. While the policy is set to 0 (Force Location Off) or 2 (Force Location On), any Location service call from an app would trigger the value set by this policy. When switching the policy back from 0 (Force Location Off) or 2 (Force Location On) to 1 (User Control), the app reverts to its original Location service setting. For example, an app's original Location setting is Off. The administrator then sets the AllowLocation policy to 2 (Force Location On. ) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the AllowLocation policy back to 1 (User Control), the app will revert to using its original setting of Off. + -> [!div class = "checklist"] -> * Device + + + -
+ +**Description framework properties**: - - -Specifies whether to allow app access to the Location service. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + -Most restricted value is 0. + +**Allowed values**: -While the policy is set to 0 (Force Location Off) or 2 (Force Location On), any Location service call from an app would trigger the value set by this policy. +| Value | Description | +|:--|:--| +| 0 | Force Location Off. All Location Privacy settings are toggled off and grayed out. Users cannot change the settings, and no apps are allowed access to the Location service, including Cortana and Search. | +| 1 (Default) | Location service is allowed. The user has control and can change Location Privacy settings on or off. | +| 2 | Force Location On. All Location Privacy settings are toggled on and grayed out. Users cannot change the settings and all consent permissions will be automatically suppressed. | + -When switching the policy back from 0 (Force Location Off) or 2 (Force Location On) to 1 (User Control), the app reverts to its original Location service setting. + +**Group policy mapping**: -For example, an app's original Location setting is Off. The administrator then sets the **AllowLocation** policy to 2 (Force Location On.) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the **AllowLocation** policy back to 1 (User Control), the app will revert to using its original setting of Off. 
+| Name | Value | +|:--|:--| +| Name | DisableLocation_2 | +| Friendly Name | Turn off location | +| Location | Computer Configuration | +| Path | Windows Components > Location and Sensors | +| Registry Key Name | Software\Policies\Microsoft\Windows\LocationAndSensors | +| Registry Value Name | DisableLocation | +| ADMX File Name | Sensors.admx | + - - -ADMX Info: -- GP Friendly name: *Turn off location* -- GP name: *DisableLocation_2* -- GP path: *Windows Components/Location and Sensors* -- GP ADMX file name: *Sensors.admx* + + + - - -The following list shows the supported values: + -- 0 – Force Location Off. All Location Privacy settings are toggled off and grayed out. Users can't change the settings, and no apps are allowed access to the Location service, including Cortana and Search. -- 1 (default) – Location service is allowed. The user has control and can change Location Privacy settings on or off. -- 2 – Force Location On. All Location Privacy settings are toggled on and grayed out. Users can't change the settings and all consent permissions will be automatically suppressed. + +## AllowMicrosoftManagedDesktopProcessing - - -
+ +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763.1217] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.836] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + - -**System/AllowMicrosoftManagedDesktopProcessing** + +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowMicrosoftManagedDesktopProcessing +``` + - - + + +This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows. This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at . For customers who enroll into the Microsoft Managed Desktop service, enabling this policy is required to allow Microsoft to process data for operational and analytic needs. See for more information. hen these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. This setting has no effect on devices unless they are properly enrolled in Microsoft Managed Desktop. If you disable this policy setting, devices may not appear in Microsoft Managed Desktop. + -This policy setting configures an Azure Active Directory-joined device so that Microsoft is the processor of the Windows diagnostic data. + + + -For customers who enroll into the Microsoft Managed Desktop service, this policy will be enabled by default to allow Microsoft to process data for operational and analytic needs. For more information, see [Privacy and personal data](/microsoft-365/managed-desktop/service-description/privacy-personal-data). + +**Description framework properties**: -This setting has no effect on devices, unless they're properly enrolled in Microsoft Managed Desktop. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 32 | Allowed. 
| + + + + + + + + + +## AllowStorageCard + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowStorageCard +``` + + + + +Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card. Most restricted value is 0. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card. | +| 1 (Default) | Allow a storage card. | + + + + + + + + + +## AllowTelemetry + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | + + + +```User +./User/Vendor/MSFT/Policy/Config/System/AllowTelemetry +``` + +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowTelemetry +``` + + + + +By configuring this policy setting you can adjust what diagnostic data is collected from Windows. This policy setting also restricts the user from increasing the amount of diagnostic data collection via the Settings app. The diagnostic data collected under this policy impacts the operating system and apps that are considered part of Windows and does not apply to any additional apps installed by your organization. + +- Diagnostic data off (not recommended). Using this value, no diagnostic data is sent from the device. This value is only supported on Enterprise, Education, and Server editions. +- Send required diagnostic data. This is the minimum diagnostic data necessary to keep Windows secure, up to date, and performing as expected. Using this value disables the "Optional diagnostic data" control in the Settings app. +- Send optional diagnostic data. Additional diagnostic data is collected that helps us to detect, diagnose and fix issues, as well as make product improvements. Required diagnostic data will always be included when you choose to send optional diagnostic data. Optional diagnostic data can also include diagnostic log files and crash dumps. Use the "Limit Dump Collection" and the "Limit Diagnostic Log Collection" policies for more granular control of what optional diagnostic data is sent. + +If you disable or do not configure this policy setting, the device will send required diagnostic data and the end user can choose whether to send optional diagnostic data from the Settings app. + +Note: +The "Configure diagnostic data opt-in settings user interface" group policy can be used to prevent end users from changing their data collection settings. 
+ + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Security. Information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender. +Note: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1. | +| 1 (Default) | Basic. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level. | +| 3 | Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | AllowTelemetry | +| Friendly Name | Allow Diagnostic Data | +| Location | Computer and User Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + + + + + + + + + +## AllowUpdateComplianceProcessing + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763.1217] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.836] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowUpdateComplianceProcessing +``` + + + + +This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at . +To enable this behavior: +1. Enable this policy setting +2. Join an Azure Active Directory account to the device +3. Set Allow Telemetry to value 1 - Required, or higher +4. Set the Configure the Commercial ID setting for your Update Compliance workspace When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. +If you disable or do not configure this policy setting, devices will not appear in Update Compliance. + -If you disable this policy setting, devices may not appear in Microsoft Managed Desktop. + + + ->[!IMPORTANT] -> You should not disable or make changes to this policy as that will severely impact the ability of Microsoft Managed Desktop to manage the devices. + +**Description framework properties**: -
+| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - -**System/AllowStorageCard** + +**Allowed values**: - -The table below shows the applicability of Windows: +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 16 | Enabled. | + -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + +**Group policy mapping**: - -
+| Name | Value | +|:--|:--| +| Name | AllowUpdateComplianceProcessing | +| Friendly Name | Allow Update Compliance Processing | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + + + -> [!div class = "checklist"] -> * Device + -
+ +## AllowUserToResetPhone - - -Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card. + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | + -Most restricted value is 0. + +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowUserToResetPhone +``` + - - -The following list shows the supported values: + + +Specifies whether to allow the user to factory reset the device by using control panel and hardware key combination. Most restricted value is 0. Tip, This policy is also applicable to Windows 10 and not exclusive to phone. + -- 0 – SD card use isn't allowed, and USB drives are disabled. This setting doesn't prevent programmatic access to the storage card. -- 1 (default) – Allow a storage card. + + + - - + +**Description framework properties**: -
+| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + - -**System/AllowTelemetry** + +**Allowed values**: - -The table below shows the applicability of Windows: +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed to reset to factory default settings. | + -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + + + - -
+ - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +## AllowWUfBCloudProcessing -> [!div class = "checklist"] -> * User -> * Device + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763.1217] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.836] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + -
+ +```Device +./Device/Vendor/MSFT/Policy/Config/System/AllowWUfBCloudProcessing +``` + - - -Allows the device to send diagnostic and usage telemetry data, such as Watson. - -For more information about diagnostic data, including what is and what isn't collected by Windows, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization). - -The following list shows the supported values for Windows 8.1: -- 0 - Not allowed. -- 1 – Allowed, except for Secondary Data Requests. -- 2 (default) – Allowed. - -In Windows 10, you can configure this policy setting to decide what level of diagnostic data to send to Microsoft. - -The following list shows the supported values for Windows 10 version 1809 and older, choose the value that is applicable to your OS version (older OS values are displayed in the brackets): - -- 0 – **Off (Security)** This value turns Windows diagnostic data off. - - > [!NOTE] - > This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Core (IoT Core), HoloLens 2, and Windows Server 2016 (and later versions). Using this setting on other devices editions of Windows is equivalent to setting the value of 1. - -- 1 – **Required (Basic)** Sends basic device info, including quality-related data, app compatibility, and other similar data to keep the device secure and up-to-date. - -- 2 – (**Enhanced**) Sends the same data as a value of 1, plus extra insights, including how Windows apps are used, how they perform, and advanced reliability data, such as limited crash dumps. - - > [!NOTE] - > **Enhanced** is no longer an option for Windows Holographic, version 21H1. - -- 3 – **Optional (Full)** Sends the same data as a value of 2, plus extra data necessary to identify and fix problems with devices such as enhanced error logs. - -Most restrictive value is 0. 
- - - -ADMX Info: -- GP Friendly name: *Allow Telemetry* -- GP name: *AllowTelemetry* -- GP element: *AllowTelemetry* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* - - - - -
- - -**System/AllowUpdateComplianceProcessing** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - - -This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID policy settings, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering). - -To enable this behavior, you must complete three steps: - - 1. Enable this policy setting. - 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above. - 3. Set the Configure the Commercial ID setting for your Update Compliance workspace. + + +This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at . +To enable this behavior: +1. Enable this policy setting +2. Join an Azure Active Directory account to the device +3. Set Allow Telemetry to value 1 - Required, or higher When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. +If you disable or do not configure this policy setting, devices enrolled to the Windows Update for Business deployment service will not be able to take advantage of some deployment service features. + -If you disable or don't configure this policy setting, devices won't appear in Update Compliance. + + + - - -ADMX Info: -- GP Friendly name: *Allow Update Compliance Processing* -- GP name: *AllowUpdateComplianceProcessing* -- GP element: *AllowUpdateComplianceProcessing* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* + +**Description framework properties**: - - -The following list shows the supported values: +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + -- 0 - Disabled. -- 16 - Enabled. 
- - + +**Allowed values**: +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 8 | Enabled. | + -
+ +**Group policy mapping**: - -**System/AllowUserToResetPhone** +| Name | Value | +|:--|:--| +| Name | AllowWUfBCloudProcessing | +| Friendly Name | Allow WUfB Cloud Processing | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + - -The table below shows the applicability of Windows: + + + -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + - -
+ +## BootStartDriverInitialization - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | + -> [!div class = "checklist"] -> * Device + +```Device +./Device/Vendor/MSFT/Policy/Config/System/BootStartDriverInitialization +``` + -
- - - -Specifies whether to allow the user to factory reset the device by using control panel and hardware key combination. - -Most restricted value is 0. - -> [!TIP] -> This policy is also applicable to Windows 10 and not exclusive to phone. - - -The following list shows the supported values: -- 0 – Not allowed. -- 1 (default) – Allowed to reset to factory default settings. - - - -
- - -**System/AllowWUfBCloudProcessing** - -
- - - - -This policy setting configures an Azure Active Directory-joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the [Product Terms](https://www.microsoft.com/licensing/terms/productoffering). - -To enable this behavior, you must complete three steps: - - 1. Enable this policy setting. - 2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above. - 3. Join an Azure Active Directory account to the device. - -When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. - -If you disable or don't configure this policy setting, devices enrolled to the Windows Update for Business deployment service won't be able to take advantage of some deployment service features. - -
- - - -The following list shows the supported values: - -- 0 - Disabled. -- 8 - Enabled. - - - - -**System/BootStartDriverInitialization** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - + + This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver: -- Good: The driver has been signed and hasn't been tampered with. -- Bad: The driver has been identified as malware. It's recommended that you don't allow known bad drivers to be initialized. -- Bad, but required for boot: The driver has been identified as malware, but the computer can't successfully boot without loading this driver. -- Unknown: This driver hasn't been attested to by your malware detection application and hasn't been classified by the Early Launch Antimalware boot-start driver. +- Good: The driver has been signed and has not been tampered with. +- Bad: The driver has been identified as malware. It is recommended that you do not allow known bad drivers to be initialized. +- Bad, but required for boot: The driver has been identified as malware, but the computer cannot successfully boot without loading this driver. +- Unknown: This driver has not been attested to by your malware detection application and has not been classified by the Early Launch Antimalware boot-start driver. -If you enable this policy setting, you'll be able to choose which boot-start drivers to initialize next time the computer is started. +If you enable this policy setting you will be able to choose which boot-start drivers to initialize the next time the computer is started. -If you disable or don't configure this policy setting, the boot start drivers determined to be Good, Unknown, or Bad, but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped. 
+If you disable or do not configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped. -If your malware detection application doesn't include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized. +If your malware detection application does not include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized. + - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + + - -ADMX Info: -- GP Friendly name: *Boot-Start Driver Initialization Policy* -- GP name: *POL_DriverLoadPolicy_Name* -- GP path: *System/Early Launch Antimalware* -- GP ADMX file name: *earlylauncham.admx* + +**Description framework properties**: - - +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + -
+ +**ADMX mapping**: - -**System/ConfigureMicrosoft365UploadEndpoint** +| Name | Value | +|:--|:--| +| Name | POL_DriverLoadPolicy_Name | +| Friendly Name | Boot-Start Driver Initialization Policy | +| Location | Computer Configuration | +| Path | System > Early Launch Antimalware | +| Registry Key Name | System\CurrentControlSet\Policies\EarlyLaunch | +| Registry Value Name | DriverLoadPolicy | +| ADMX File Name | EarlyLaunchAM.admx | + - -The table below shows the applicability of Windows: + + + -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + - -
+ +## ConfigureMicrosoft365UploadEndpoint - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | + -> [!div class = "checklist"] -> * Device + +```Device +./Device/Vendor/MSFT/Policy/Config/System/ConfigureMicrosoft365UploadEndpoint +``` + -
- - - -This policy sets the upload endpoint for this device’s diagnostic data as part of the Microsoft 365 Update Readiness program. + + +This policy sets the upload endpoint for this device’s diagnostic data as part of the Desktop Analytics program. If your organization is participating in the program and has been instructed to configure a custom upload endpoint, then use this setting to define that endpoint. - The value for this setting will be provided by Microsoft as part of the onboarding process for the program. - -Supported value type is string. - - -ADMX Info: -- GP Friendly name: *Configure Microsoft 365 Update Readiness upload endpoint* -- GP name: *ConfigureMicrosoft365UploadEndpoint* -- GP element: *ConfigureMicrosoft365UploadEndpoint* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* - - - - - - - - - - - - - -
- - -**System/ConfigureTelemetryOptInChangeNotification** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting determines whether a device shows notifications about telemetry levels to people on first sign in or when changes occur in Settings.  - -- If you set this policy setting to "Disable telemetry change notifications", telemetry level notifications stop appearing. -- If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first sign in and when changes occur in Settings. - - - -ADMX Info: -- GP Friendly name: *Configure telemetry opt-in change notifications.* -- GP name: *ConfigureTelemetryOptInChangeNotification* -- GP element: *ConfigureTelemetryOptInChangeNotification* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* - - - -The following list shows the supported values: -- 0 (default) - Enable telemetry change notifications -- 1 - Disable telemetry change notifications - - - -
- - -**System/ConfigureTelemetryOptInSettingsUx** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting determines whether people can change their own telemetry levels in Settings. This setting should be used in conjunction with the Allow Telemetry settings. - -If you set this policy setting to "Disable Telemetry opt-in Settings", telemetry levels are disabled in Settings, preventing people from changing them. - -If you set this policy setting to "Enable Telemetry opt-in Settings" or don't configure this policy setting, people can change their own telemetry levels in Settings. - -> [!Note] -> Set the Allow Telemetry policy setting to prevent people from sending diagnostic data to Microsoft beyond your organization's acceptable level of data disclosure. - - - -ADMX Info: -- GP Friendly name: *Configure telemetry opt-in setting user interface.* -- GP name: *ConfigureTelemetryOptInSettingsUx* -- GP element: *ConfigureTelemetryOptInSettingsUx* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* - - - -The following list shows the supported values: -- 0 (default) - Enable Telemetry opt-in Settings -- 1 - Disable Telemetry opt-in Settings - - - -
- - -**System/DisableDeviceDelete** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting controls whether the Delete diagnostic data button is enabled in Diagnostic & Feedback Settings page. - -- If you enable this policy setting, the Delete diagnostic data button will be disabled in Settings page, preventing the deletion of diagnostic data collected by Microsoft from the device. -- If you disable or don't configure this policy setting, the Delete diagnostic data button will be enabled in Settings page, which allows people to erase all diagnostic data collected by Microsoft from that device. - - - -ADMX Info: -- GP Friendly name: *Disable deleting diagnostic data* -- GP name: *DisableDeviceDelete* -- GP element: *DisableDeviceDelete* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* - - - - - - - - - - - - - -
- - -**System/DisableDiagnosticDataViewer** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting controls whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. - -- If you enable this policy setting, the Diagnostic Data Viewer won't be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device. -- If you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page. - - - -ADMX Info: -- GP Friendly name: *Disable diagnostic data viewer.* -- GP name: *DisableDiagnosticDataViewer* -- GP element: *DisableDiagnosticDataViewer* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* - - - - - - - - - - - - - -
- - -**System/DisableEnterpriseAuthProxy** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy, to send data back to Microsoft on Windows 10. If you disable or don't configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy, to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. - - - -ADMX Info: -- GP Friendly name: *Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service* -- GP name: *DisableEnterpriseAuthProxy* -- GP element: *DisableEnterpriseAuthProxy* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* - - - - -
- - -**System/DisableOneDriveFileSync** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting: - -* Users can't access OneDrive from the OneDrive app or file picker. -* Microsoft Store apps can't access OneDrive using the WinRT API. -* OneDrive doesn't appear in the navigation pane in File Explorer. -* OneDrive files aren't kept in sync with the cloud. -* Users can't automatically upload photos and videos from the camera roll folder. - -If you disable or don't configure this policy setting, apps and features can work with OneDrive file storage. - - - -ADMX Info: -- GP Friendly name: *Prevent the usage of OneDrive for file storage* -- GP name: *PreventOnedriveFileSync* -- GP path: *Windows Components/OneDrive* -- GP ADMX file name: *SkyDrive.admx* - - - -The following list shows the supported values: - -- 0 (default) – False (sync enabled). -- 1 – True (sync disabled). - - - -To validate on Desktop, do the following steps: - -1. Enable policy. -2. Restart machine. -3. Verify that OneDrive.exe isn't running in Task Manager. - - - - -
- - -**System/DisableSystemRestore** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | ConfigureMicrosoft365UploadEndpoint | +| Friendly Name | Configure diagnostic data upload endpoint for Desktop Analytics | +| Element Name | Desktop Analytics Custom Upload Endpoint | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + + + + + + + + + +## ConfigureTelemetryOptInChangeNotification + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInChangeNotification +``` + + + + +This policy setting controls whether notifications are shown, following a change to diagnostic data opt-in settings, on first logon and when the changes occur in settings. + +If you set this policy setting to "Disable diagnostic data change notifications", diagnostic data opt-in change notifications will not appear. + +If you set this policy setting to "Enable diagnostic data change notifications" or don't configure this policy setting, diagnostic data opt-in change notifications appear at first logon and when the changes occur in Settings. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Enable telemetry change notifications. | +| 1 | Disable telemetry change notifications. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | ConfigureTelemetryOptInChangeNotification | +| Friendly Name | Configure diagnostic data opt-in change notifications | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + + + + + + + + + +## ConfigureTelemetryOptInSettingsUx + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUx +``` + + + + +This policy setting determines whether an end user can change diagnostic data settings in the Settings app. + +If you set this policy setting to "Disable diagnostic data opt-in settings", diagnostic data settings are disabled in the Settings app. + +If you don't configure this policy setting, or you set it to "Enable diagnostic data opt-in settings", end users can change the device diagnostic settings in the Settings app. + +Note: +To set a limit on the amount of diagnostic data that is sent to Microsoft by your organization, use the "Allow Diagnostic Data" policy setting. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Enable Telemetry opt-in Settings. | +| 1 | Disable Telemetry opt-in Settings. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | ConfigureTelemetryOptInSettingsUx | +| Friendly Name | Configure diagnostic data opt-in settings user interface | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + + + + + + + + + +## DisableDeviceDelete + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/DisableDeviceDelete +``` + + + + +This policy setting controls whether the Delete diagnostic data button is enabled in Diagnostic & feedback Settings page. + +If you enable this policy setting, the Delete diagnostic data button will be disabled in Settings page, preventing the deletion of diagnostic data collected by Microsoft from the device. + +If you disable or don't configure this policy setting, the Delete diagnostic data button will be enabled in Settings page, which allows people to erase all diagnostic data collected by Microsoft from that device. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Not disabled. | +| 1 | Disabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DisableDeviceDelete | +| Friendly Name | Disable deleting diagnostic data | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + + + + + + + + + +## DisableDiagnosticDataViewer + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/DisableDiagnosticDataViewer +``` + + + + +This policy setting controls whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & feedback Settings page. + +If you enable this policy setting, the Diagnostic Data Viewer will not be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device. + +If you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Not disabled. | +| 1 | Disabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DisableDiagnosticDataViewer | +| Friendly Name | Disable diagnostic data viewer | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + + + + + + + + + +## DisableDirectXDatabaseUpdate + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/DisableDirectXDatabaseUpdate +``` + + + + +This group policy allows control over whether the DirectX Database Updater task will be run on the system. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Not disabled. | +| 1 | Disabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DisableDirectXDatabaseUpdate | +| Path | GroupPolicy > AT > Network > DirectXDatabase | + + + + + + + + + +## DisableEnterpriseAuthProxy + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/DisableEnterpriseAuthProxy +``` + + + + +This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 1 | Enable | +| 0 (Default) | Disable | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DisableEnterpriseAuthProxy | +| Friendly Name | Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + + + + + + + + + +## DisableOneDriveFileSync + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/DisableOneDriveFileSync +``` + + + + +This policy setting lets you prevent apps and features from working with files on OneDrive. +If you enable this policy setting: + +* Users can’t access OneDrive from the OneDrive app and file picker. +* Windows Store apps can’t access OneDrive using the WinRT API. +* OneDrive doesn’t appear in the navigation pane in File Explorer. +* OneDrive files aren’t kept in sync with the cloud. +* Users can’t automatically upload photos and videos from the camera roll folder. + +If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Sync enabled. | +| 1 | Sync disabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | PreventOnedriveFileSync | +| Friendly Name | Prevent the usage of OneDrive for file storage | +| Location | Computer Configuration | +| Path | Windows Components > OneDrive | +| Registry Key Name | Software\Policies\Microsoft\Windows\OneDrive | +| Registry Value Name | DisableFileSyncNGSC | +| ADMX File Name | SkyDrive.admx | + + + + + + + + + +## DisableOneSettingsDownloads + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/DisableOneSettingsDownloads +``` + + + + +This policy setting controls whether Windows attempts to connect with the OneSettings service. + +If you enable this policy, Windows will not attempt to connect with the OneSettings Service. + +If you disable or don't configure this policy setting, Windows will periodically attempt to connect with the OneSettings service to download configuration settings. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Not disabled. | +| 1 | Disabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DisableOneSettingsDownloads | +| Friendly Name | Disable OneSettings Downloads | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + + + + + + + + + +## DisableSystemRestore + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/DisableSystemRestore +``` + + + + Allows you to disable System Restore. This policy setting allows you to turn off System Restore. -System Restore enables users, in case of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume. +System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume. -If you enable this policy setting, System Restore is turned off, then System Restore Wizard can't be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled. +If you enable this policy setting, System Restore is turned off, and the System Restore Wizard cannot be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled. -If you disable or don't configure this policy setting, users can perform System Restore, and configure System Restore settings through System Protection. +If you disable or do not configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection. Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). 
-> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Turn off System Restore* -- GP name: *SR_DisableSR* -- GP path: *System/System Restore* -- GP ADMX file name: *systemrestore.admx* - - - - -
- - -**System/FeedbackHubAlwaysSaveDiagnosticsLocally** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -When feedback in the Feedback Hub is being filed, diagnostic logs are collected for certain types of feedback. We now offer the option for users to save it locally, in addition to sending it to Microsoft. This policy will allow enterprises to mandate that all diagnostics are saved locally for use in internal investigations. - - - -The following list shows the supported values: - -- 0 (default) - False. The Feedback Hub won't always save a local copy of diagnostics that may be created when feedback is submitted. The user will have the option to do so. -- 1 - True. The Feedback Hub should always save a local copy of diagnostics that may be created when feedback is submitted. - - - - -
- - -**System/LimitDiagnosticLogCollection** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It's sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for more data collection. - -If you disable or don't configure this policy setting, we may occasionally collect advanced diagnostic data if the user has opted to send optional diagnostic data. - - - -ADMX Info: -- GP Friendly name: *Limit Diagnostic Log Collection* -- GP name: *LimitDiagnosticLogCollection* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* - - - -The following list shows the supported values: - -- 0 – Disabled -- 1 – Enabled - - - - -
- - -**System/LimitDumpCollection** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps aren't sent unless we have permission to collect optional diagnostic data. - -With this policy setting being enabled, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only. - -If you disable or don't configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data. - - - -ADMX Info: -- GP Friendly name: *Limit Dump Collection* -- GP name: *LimitDumpCollection* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* - - - -The following list shows the supported values: - -- 0 – Disabled -- 1 – Enabled - - - -
- - -**System/LimitEnhancedDiagnosticDataWindowsAnalytics** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. - -To enable this behavior, you must complete two steps: - - 1. Enable this policy setting. - - 2. Set the **AllowTelemetry** level: - - - For Windows 10 version 1809 and older: set **AllowTelemetry** to Enhanced. - - > [!NOTE] - > **Enhanced** is no longer an option for Windows Holographic, version 21H1. - - - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full). - -When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented here: Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics. - -Enabling enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus enhanced level telemetry data. This setting has no effect on computers configured to send Required (Basic) or Optional (Full) diagnostic data to Microsoft. - -If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. - - - -ADMX Info: -- GP Friendly name: *Limit Enhanced diagnostic data to the minimum required by Windows Analytics* -- GP name: *LimitEnhancedDiagnosticDataWindowsAnalytics* -- GP element: *LimitEnhancedDiagnosticDataWindowsAnalytics* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* - - - - -
- - -**System/TelemetryProxy** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *<server>:<port>*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there's no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data won't be transmitted and will remain on the local device. - -If you disable or don't configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration. - - - -ADMX Info: -- GP Friendly name: *Configure Connected User Experiences and Telemetry* -- GP name: *TelemetryProxy* -- GP element: *TelemetryProxyName* -- GP path: *Data Collection and Preview Builds* -- GP ADMX file name: *DataCollection.admx* - - - - -
- - -**System/TurnOffFileHistory** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + + + +**ADMX mapping**: + +| Name | Value | +|:--|:--| +| Name | SR_DisableSR | +| Friendly Name | Turn off System Restore | +| Location | Computer Configuration | +| Path | System > System Restore | +| Registry Key Name | Software\Policies\Microsoft\Windows NT\SystemRestore | +| Registry Value Name | DisableSR | +| ADMX File Name | SystemRestore.admx | + + + + + + + + + +## EnableOneSettingsAuditing + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/EnableOneSettingsAuditing +``` + + + + +This policy setting controls whether Windows records attempts to connect with the OneSettings service to the EventLog. + +If you enable this policy, Windows will record attempts to connect with the OneSettings service to the Microsoft\Windows\Privacy-Auditing\Operational EventLog channel. + +If you disable or don't configure this policy setting, Windows will not record attempts to connect with the OneSettings service to the EventLog. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 1 | Enabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | EnableOneSettingsAuditing | +| Friendly Name | Enable OneSettings Auditing | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + + + + + + + + + +## FeedbackHubAlwaysSaveDiagnosticsLocally + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/FeedbackHubAlwaysSaveDiagnosticsLocally +``` + + + + +Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy is not present or set to false, users will be presented with the option to save locally. The default is to not save locally. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | False. The Feedback Hub will not always save a local copy of diagnostics that may be created when a feedback is submitted. The user will have the option to do so. | +| 1 | True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted. | + + + + + + + + + +## HideUnsupportedHardwareNotifications + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/HideUnsupportedHardwareNotifications +``` + + + + +This policy controls messages which are shown when Windows is running on a device that does not meet the minimum system requirements for this OS version. + +If you enable this policy setting, these messages will never appear on desktop or in the Settings app. + +If you disable or do not configure this policy setting, these messages will appear on desktop and in the Settings app when Windows is running on a device that does not meet the minimum system requirements for this OS version. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 1 | Enabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | HideUnsupportedHardwareNotifications | +| Friendly Name | Hide messages when Windows system requirements are not met | +| Location | Computer Configuration | +| Path | System | +| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System | +| Registry Value Name | HideUnsupportedHardwareNotifications | +| ADMX File Name | ControlPanel.admx | + + + + + + + + + +## LimitDiagnosticLogCollection + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/LimitDiagnosticLogCollection +``` + + + + +This policy setting controls whether additional diagnostic logs are collected when more information is needed to troubleshoot a problem on the device. Diagnostic logs are only sent when the device has been configured to send optional diagnostic data. + +By enabling this policy setting, diagnostic logs will not be collected. + +If you disable or do not configure this policy setting, we may occasionally collect diagnostic logs if the device has been configured to send optional diagnostic data. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 1 | Enabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | LimitDiagnosticLogCollection | +| Friendly Name | Limit Diagnostic Log Collection | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + + + + + + + + + +## LimitDumpCollection + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/LimitDumpCollection +``` + + + + +This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. Dumps are only sent when the device has been configured to send optional diagnostic data. + +By enabling this setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps. + +If you disable or do not configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 1 | Enabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | LimitDumpCollection | +| Friendly Name | Limit Dump Collection | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + + + + + + + + + +## LimitEnhancedDiagnosticDataWindowsAnalytics + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/LimitEnhancedDiagnosticDataWindowsAnalytics +``` + + + + +This policy setting, in combination with the "Allow Diagnostic Data" policy setting, enables organizations to send the minimum data required by Desktop Analytics. + +To enable the behavior described above, complete the following steps: +1. Enable this policy setting +2. Set the "Allow Diagnostic Data" policy to "Send optional diagnostic data" +3. Enable the "Limit Dump Collection" policy +4. Enable the "Limit Diagnostic Log Collection" policy + +When these policies are configured, Microsoft will collect only required diagnostic data and the events required by Desktop Analytics, which can be viewed at . + +If you disable or do not configure this policy setting, diagnostic data collection is determined by the "Allow Diagnostic Data" policy setting or by the end user from the Settings app. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 1 | Enabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | LimitEnhancedDiagnosticDataWindowsAnalytics | +| Friendly Name | Limit optional diagnostic data for Desktop Analytics | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + + + + + + + + + +## TelemetryProxy + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/TelemetryProxy +``` + + + + +Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is ``:``. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device. If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | TelemetryProxy | +| Friendly Name | Configure Connected User Experiences and Telemetry | +| Element Name | Proxy Server Name | +| Location | Computer Configuration | +| Path | WindowsComponents > Data Collection and Preview Builds | +| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection | +| ADMX File Name | DataCollection.admx | + + + + + + + + + +## TurnOffFileHistory + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/System/TurnOffFileHistory +``` + + + + This policy setting allows you to turn off File History. -If you enable this policy setting, File History can't be activated to create regular, automatic backups. +If you enable this policy setting, File History cannot be activated to create regular, automatic backups. -If you disable or don't configure this policy setting, File History can be activated to create regular, automatic backups. +If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups. + - - -ADMX Info: -- GP Friendly name: *Turn off File History* -- GP name: *DisableFileHistory* -- GP path: *Windows Components/File History* -- GP ADMX file name: *FileHistory.admx* + + + - - -The following list shows the supported values: + +**Description framework properties**: -- false (default) - allow File History -- true - turn off File History - - +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - - + +**Allowed values**: - - -
+| Value | Description | +|:--|:--| +| 0 (Default) | Allow file history. | +| 1 | Turn off file history. | + - + +**Group policy mapping**: -## Related topics +| Name | Value | +|:--|:--| +| Name | DisableFileHistory | +| Friendly Name | Turn off File History | +| Location | Computer Configuration | +| Path | Windows Components > File History | +| Registry Key Name | Software\Policies\Microsoft\Windows\FileHistory | +| Registry Value Name | Disabled | +| ADMX File Name | FileHistory.admx | + -[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file + + + + + + + + + + + + +## Related articles + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md index 22fbd1c4fc..ce26e2a58d 100644 --- a/windows/client-management/mdm/policy-csp-troubleshooting.md +++ b/windows/client-management/mdm/policy-csp-troubleshooting.md @@ -1,103 +1,119 @@ --- -title: Policy CSP - Troubleshooting -description: The Policy CSP - Troubleshooting setting allows IT admins to configure how to apply recommended troubleshooting for known problems on the devices in their domains. +title: Troubleshooting Policy CSP +description: Learn more about the Troubleshooting Area in Policy CSP +author: vinaypamnani-msft +manager: aaroncz ms.author: vinpa -ms.topic: article +ms.date: 12/07/2022 +ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage -author: vinaypamnani-msft -ms.localizationpriority: medium -ms.date: 09/27/2019 +ms.topic: reference --- + + + # Policy CSP - Troubleshooting -
+ + + - -## Troubleshooting policies + +## AllowRecommendations -
-
- Troubleshooting/AllowRecommendations -
-
+ +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | + + +```Device +./Device/Vendor/MSFT/Policy/Config/Troubleshooting/AllowRecommendations +``` + -
+ + +This policy setting configures how troubleshooting for known problems can be applied on the device and lets administrators configure how it's applied to their domains/IT environments. - -**Troubleshooting/AllowRecommendations** +Not configuring this policy setting will allow the user to configure how troubleshooting is applied. - -The table below shows the applicability of Windows: +Enabling this policy allows you to configure how troubleshooting is applied on the user's device. You can select from one of the following values: +0 = Do not allow users, system features, or Microsoft to apply troubleshooting. +1 = Only automatically apply troubleshooting for critical problems by system features and Microsoft. +2 = Automatically apply troubleshooting for critical problems by system features and Microsoft. Notify users when troubleshooting for other problems is available and allow users to choose to apply or ignore. +3 = Automatically apply troubleshooting for critical and other problems by system features and Microsoft. Notify users when troubleshooting has solved a problem. +4 = Automatically apply troubleshooting for critical and other problems by system features and Microsoft. Do not notify users when troubleshooting has solved a problem. +5 = Allow the user to choose their own troubleshooting settings. -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| +After setting this policy, you can use the following instructions to check devices in your domain for available troubleshooting from Microsoft: +1. Create a bat script with the following contents: +rem The following batch script triggers Recommended Troubleshooting +schtasks /run /TN "\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner" - -
+2. To create a new immediate task, navigate to the Group Policy Management Editor > Computer Configuration > Preferences and select Control Panel Settings. +3. Under Control Panel settings, right-click on Scheduled Tasks and select New. Select Immediate Task (At least Windows 7). +4. Provide name and description as appropriate, then under Security Options set the user account to System and select the Run with highest privileges checkbox. +5. In the Actions tab, create a new action, select Start a Program as its type, then enter the file created in step 1. +6. Configure the task to deploy to your domain. + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + + + -> [!div class = "checklist"] -> * Device + +**Description framework properties**: -
+| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + - - -This policy setting allows IT admins to configure, how to apply recommended troubleshooting for known problems on the devices in their domains or IT environments. + +**Allowed values**: - - -ADMX Info: -- GP Friendly name: *Troubleshooting: Allow users to access recommended troubleshooting for known problems* -- GP name: *TroubleshootingAllowRecommendations* -- GP path: *Troubleshooting and Diagnostics/Microsoft Support Diagnostic Tool* -- GP ADMX file name: *MSDT.admx* +| Value | Description | +|:--|:--| +| 0 | Off - Do not allow users, system features, or Microsoft to apply troubleshooting. | +| 1 (Default) | Critical - Automatically apply troubleshooting for critical problems detected by system features and Microsoft. Do not notify users when troubleshooting has solved a problem. | +| 2 | Prompt - Automatically apply troubleshooting for critical problems detected by system features and Microsoft. Prompt users when troubleshooting for other problems is available and allow the user to choose to apply or ignore. | +| 3 | Notify - Automatically apply troubleshooting for critical and other problems detected by system features and Microsoft. Notify users when troubleshooting has solved a problem. | +| 4 | Silent - Automatically apply troubleshooting for critical and other problems detected by system features and Microsoft. Do not notify users when troubleshooting has solved a problem. | +| 5 | Configurable - Allow the user to choose their own troubleshooting settings. | + - - -This setting is a numeric policy setting with merge algorithm (lowest value is the most secure) that uses the most restrictive settings for complex manageability scenarios. + +**Group policy mapping**: -Supported values: -- 0 (default) - Turn off this feature. -- 1 - Turn off this feature but still apply critical troubleshooting. 
-- 2 - Notify users when recommended troubleshooting is available, then allow the user to run or ignore it. -- 3 - Run recommended troubleshooting automatically and notify the user after it ran successfully. -- 4 - Run recommended troubleshooting automatically without notifying the user. -- 5 - Allow the user to choose their own recommended troubleshooting settings. +| Name | Value | +|:--|:--| +| Name | TroubleshootingAllowRecommendations | +| Friendly Name | Troubleshooting: Allow users to access recommended troubleshooting for known problems | +| Location | Computer Configuration | +| Path | System > Troubleshooting and Diagnostics > Microsoft Support Diagnostic Tool | +| Registry Key Name | Software\Policies\Microsoft\Windows\Troubleshooting\AllowRecommendations | +| Registry Value Name | TroubleshootingAllowRecommendations | +| ADMX File Name | MSDT.admx | + -By default, this policy isn't configured and the SKU based defaults are used for managed devices. Current policy values for SKUs are as follows: + + + -|SKU|Unmanaged Default|Managed Default| -|--- |--- |--- | -|Home|Prompt (OOBE)|Off| -|Pro|Prompt (OOBE)|Off| -|Education|On (auto)|Off| -|Enterprise|Off|Off| -|Government|Off|Off| + - - + + + - - + - - -
+## Related articles - - -## Related topics - -[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index f189fb67c0..557daee705 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -4,7 +4,7 @@ description: Learn more about the Update Area in Policy CSP author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/30/2022 +ms.date: 12/07/2022 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -36,6 +36,7 @@ ms.topic: reference + Allows the IT admin (when used with Update/ActiveHoursStart) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. **Note**: The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See Update/ActiveHoursMaxRange below for more information. Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. The default is 17 (5 PM). @@ -59,7 +60,7 @@ Allows the IT admin (when used with Update/ActiveHoursStart) to manage a range o | Name | Value | |:--|:--| -| Name | ActiveHours_Title | +| Name | ActiveHours | | Friendly Name | Turn off auto-restart for updates during active hours | | Element Name | End | | Location | Computer Configuration | @@ -90,6 +91,7 @@ Allows the IT admin (when used with Update/ActiveHoursStart) to manage a range o + Enable this policy to specify the maximum number of hours from the start time that users can set their active hours. The max active hours range can be set between 8 and 18 hours. 
@@ -117,7 +119,7 @@ If you disable or do not configure this policy, the default max active hours ran | Name | Value | |:--|:--| -| Name | ActiveHoursMaxRange_Title | +| Name | ActiveHoursMaxRange | | Friendly Name | Specify active hours range for auto-restarts | | Element Name | Max range | | Location | Computer Configuration | @@ -148,6 +150,7 @@ If you disable or do not configure this policy, the default max active hours ran + Allows the IT admin (when used with Update/ActiveHoursEnd) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. **Note**: The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See Update/ActiveHoursMaxRange above for more information. Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. The default value is 8 (8 AM). @@ -171,7 +174,7 @@ Allows the IT admin (when used with Update/ActiveHoursEnd) to manage a range of | Name | Value | |:--|:--| -| Name | ActiveHours_Title | +| Name | ActiveHours | | Friendly Name | Turn off auto-restart for updates during active hours | | Element Name | Start | | Location | Computer Configuration | @@ -202,6 +205,7 @@ Allows the IT admin (when used with Update/ActiveHoursEnd) to manage a range of + Enables the IT admin to manage automatic update behavior to scan, download, and install updates. Supported operations are Get and Replace. **Important**: This option should be used only for systems under regulatory compliance, as you will not get security updates as well. If the policy is not configured, end-users get the default behavior (Auto install and restart). @@ -268,6 +272,7 @@ Enables the IT admin to manage automatic update behavior to scan, download, and + Enabling this policy will automatically download updates, even over metered data connections (charges may apply) 
@@ -302,7 +307,7 @@ This policy is accessible through the Update setting in the user interface or Gr | Name | Value | |:--|:--| -| Name | AllowAutoWindowsUpdateDownloadOverMeteredNetwork_Title | +| Name | AllowAutoWindowsUpdateDownloadOverMeteredNetwork | | Friendly Name | Allow updates to be downloaded automatically over metered connections | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage end user experience | @@ -333,6 +338,7 @@ This policy is accessible through the Update setting in the user interface or Gr + Allows the IT admin to manage whether to scan for app updates from Microsoft Update. @@ -402,6 +408,7 @@ Allows the IT admin to manage whether to scan for app updates from Microsoft Upd + Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution. Supported operations are Get and Replace. This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. 
@@ -450,6 +457,7 @@ Allows the IT admin to manage whether Automatic Updates accepts updates signed b + Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store. Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft Store to stop working. **Note**: This policy applies only when the desktop or device is configured to connect to an intranet update service using the Specify intranet Microsoft update service location policy. @@ -511,6 +519,7 @@ Specifies whether the device could use Microsoft Update, Windows Server Update S + This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note, that if the OS power wake policy is explicitly disabled, then this setting has no effect. @@ -548,7 +557,7 @@ If you disable or do not configure this policy setting, the wake setting as spec | Name | Value | |:--|:--| -| Name | WakeUp | +| Name | WakeUpPolicy | | Friendly Name | Automatic Maintenance WakeUp Policy | | Location | Computer Configuration | | Path | Windows Components > Maintenance Scheduler | @@ -579,6 +588,7 @@ If you disable or do not configure this policy setting, the wake setting as spec + Specify the deadline before the PC will automatically restart to apply updates. The deadline can be set 2 to 14 days past the default restart date. The restart may happen inside active hours. 
@@ -610,7 +620,7 @@ Enabling either of the following two policies will override the above policy: | Name | Value | |:--|:--| -| Name | AutoRestartDeadline_Title | +| Name | AutoRestartDeadline | | Friendly Name | Specify deadline before auto-restart for update installation | | Element Name | Quality Updates (days) | | Location | Computer Configuration | @@ -641,6 +651,7 @@ Enabling either of the following two policies will override the above policy: + For Feature Updates, this policy specifies the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart is scheduled. The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks. Value type is integer. Default is 7 days. Supported values range: 2-30. **Note** that the PC must restart for certain updates to take effect. If you enable this policy, a restart will automatically occur the specified number of days after the restart was scheduled. If you disable or do not configure this policy, the PC will restart according to the default schedule. If any of the following two policies are enabled, this policy has no effect:No auto-restart with logged on users for scheduled automatic updates installations. Always automatically restart at scheduled time. @@ -664,7 +675,7 @@ For Feature Updates, this policy specifies the deadline in days before automatic | Name | Value | |:--|:--| -| Name | AutoRestartDeadline_Title | +| Name | AutoRestartDeadline | | Friendly Name | Specify deadline before auto-restart for update installation | | Element Name | Feature Updates (days) | | Location | Computer Configuration | 
@@ -695,6 +706,7 @@ For Feature Updates, this policy specifies the deadline in days before automatic + Allows the IT Admin to specify the period for auto-restart reminder notifications. The default value is 15 (minutes). @@ -729,7 +741,7 @@ Allows the IT Admin to specify the period for auto-restart reminder notification | Name | Value | |:--|:--| -| Name | AutoRestartNotificationConfig_Title | +| Name | AutoRestartNotificationConfig | | Friendly Name | Configure auto-restart reminder notifications for updates | | Element Name | Period (min) | | Location | Computer Configuration | @@ -760,6 +772,7 @@ Allows the IT Admin to specify the period for auto-restart reminder notification + Enable this policy to specify the method by which the auto-restart required notification is dismissed. When a restart is required to install updates, the auto-restart required notification is displayed. By default, the notification is automatically dismissed after 25 seconds. The method can be set to require user action to dismiss the notification. @@ -795,7 +808,7 @@ If you disable or do not configure this policy, the default method will be used. | Name | Value | |:--|:--| -| Name | AutoRestartRequiredNotificationDismissal_Title | +| Name | AutoRestartRequiredNotificationDismissal | | Friendly Name | Configure auto-restart required notification for updates | | Element Name | Method | | Location | Computer Configuration | @@ -826,6 +839,7 @@ If you disable or do not configure this policy, the default method will be used. + Allows the IT admin to set which branch a device receives their updates from. As of 1903, the branch readiness levels of Semi-Annual Channel (Targeted) and Semi-Annual Channel have been combined into one Semi-Annual Channel set with a value of 16. For devices on 1903 and later releases, the value of 32 is not a supported value. 
@@ -861,7 +875,7 @@ Allows the IT admin to set which branch a device receives their updates from. As | Name | Value | |:--|:--| -| Name | DeferFeatureUpdates_Title | +| Name | DeferFeatureUpdates | | Friendly Name | Select when Preview Builds and Feature Updates are received | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage updates offered from Windows Update | @@ -891,6 +905,7 @@ Allows the IT admin to set which branch a device receives their updates from. As + Number of days before feature updates are installed on devices automatically regardless of active hours. Before the deadline passes, users will be able to schedule restarts, and automatic restarts can happen outside of active hours. When set to 0, updates will download and install immediately, but might not finish within the day due to device availability and network connectivity. @@ -941,6 +956,7 @@ Number of days before feature updates are installed on devices automatically reg + Number of days before quality updates are installed on devices automatically regardless of active hours. Before the deadline passes, users will be able to schedule restarts, and automatic restarts can happen outside of active hours. When set to 0, updates will download and install immediately, but might not finish within the day due to device availability and network connectivity. @@ -991,6 +1007,7 @@ Number of days before quality updates are installed on devices automatically reg + Minimum number of days from update installation until restarts occur automatically for quality updates. This policy only takes effect when Update/ConfigureDeadlineForQualityUpdates is configured. If Update/ConfigureDeadlineForQualityUpdates is configured but this policy is not, then the default value of 2 days will take effect. 
@@ -1041,6 +1058,7 @@ Minimum number of days from update installation until restarts occur automatical + Minimum number of days from update installation until restarts occur automatically for feature updates. This policy only takes effect when Update/ConfigureDeadlineForFeatureUpdates is configured. If Update/ConfigureDeadlineForFeatureUpdates is configured but this policy is not, then the value configured by Update/ConfigureDeadlineGracePeriod will be used. If Update/ConfigureDeadlineGracePeriod is also not configured, then the default value of 7 days will take effect. @@ -1091,6 +1109,7 @@ Minimum number of days from update installation until restarts occur automatical + When enabled, devices will not automatically restart outside of active hours until the deadline and grace period have expired, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates or Update/ConfigureDeadlineForFeatureUpdates is configured. @@ -1149,6 +1168,7 @@ When enabled, devices will not automatically restart outside of active hours unt + When enabled, devices will not automatically restart outside of active hours until the deadline and grace period have expired for feature updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForFeatureUpdates is configured. 
@@ -1207,6 +1227,7 @@ When enabled, devices will not automatically restart outside of active hours unt + When enabled, devices will not automatically restart outside of active hours until the deadline and grace period have expired for quality updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates is configured. @@ -1265,6 +1286,7 @@ When enabled, devices will not automatically restart outside of active hours unt + Enable enterprises/IT admin to configure feature update uninstall period @@ -1305,7 +1327,8 @@ Enable enterprises/IT admin to configure feature update uninstall period -Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Defers Feature Updates for the specified number of days. Supported values are 0-365 days. **Important**: The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703. + +Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Defers Feature Updates for the specified number of days. Supported values are 0-365 days. **Important**: The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703. 
@@ -1328,7 +1351,7 @@ Since this policy is not blocked, you will not get a failure message when you us | Name | Value | |:--|:--| -| Name | DeferFeatureUpdates_Title | +| Name | DeferFeatureUpdates | | Friendly Name | Select when Preview Builds and Feature Updates are received | | Element Name | How many days after a Feature Update is released would you like to defer the update before it is offered to the device? | | Location | Computer Configuration | @@ -1359,6 +1382,7 @@ Since this policy is not blocked, you will not get a failure message when you us + Defers Quality Updates for the specified number of days. Supported values are 0-30. @@ -1382,7 +1406,7 @@ Defers Quality Updates for the specified number of days. Supported values are 0- | Name | Value | |:--|:--| -| Name | DeferQualityUpdates_Title | +| Name | DeferQualityUpdates | | Friendly Name | Select when Quality Updates are received | | Element Name | After a quality update is released, defer receiving it for this many days | | Location | Computer Configuration | 
@@ -1413,6 +1437,7 @@ Defers Quality Updates for the specified number of days. Supported values are 0- + Note. Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in Changes in Windows 10, version 1607 for update management. You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. Allows IT Admins to specify update delays for up to 4 weeks. Supported values are 0-4, which refers to the number of weeks to defer updates. In Windows 10 Mobile Enterprise version 1511 devices set to automatic updates, for DeferUpdatePeriod to work, you must set the following:Update/RequireDeferUpgrade must be set to 1System/AllowTelemetry must be set to 1 or higherIf the Specify intranet Microsoft update service location policy is enabled, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. If the Allow Telemetry policy is enabled and the Options value is set to 0, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. OS upgrade:Maximum deferral: 8 monthsDeferral increment: 1 monthUpdate type/notes:Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5Update:Maximum deferral: 1 monthDeferral increment: 1 weekUpdate type/notes:If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic. - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441- Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4- Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F- Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828- Tools - B4832BD8-E735-4761-8DAF-37F882276DAB- Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F- Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83- Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0Other/cannot defer:Maximum deferral: No deferralDeferral increment: No deferralUpdate type/notes:Any update category not specifically enumerated above falls into this category. 
- Definition Update - E0789628-CE08-4437-BE74-2495B842F43B 
@@ -1463,7 +1488,8 @@ Note. Don't use this policy in Windows 10, version 1607 devices, instead use th -**Note**: Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in Changes in Windows 10, version 1607 for update management. You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. Allows IT Admins to specify additional upgrade delays for up to 8 months. Supported values are 0-8, which refers to the number of months to defer upgrades. If the Specify intranet Microsoft update service location policy is enabled, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. If the Allow Telemetry policy is enabled and the Options value is set to 0, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. + +NoteSince this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in Changes in Windows 10, version 1607 for update management. You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. Allows IT Admins to specify additional upgrade delays for up to 8 months. Supported values are 0-8, which refers to the number of months to defer upgrades. If the Specify intranet Microsoft update service location policy is enabled, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. If the Allow Telemetry policy is enabled and the Options value is set to 0, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. 
@@ -1513,12 +1539,13 @@ Note. Don't use this policy in Windows 10, version 1607 devices, instead use th + Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours. -> [!NOTE]> +> [!NOTE] > There is a random variant of 0-4 hours applied to the scan frequency, which cannot be configured. @@ -1569,6 +1596,7 @@ Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours. + Enable this policy to not allow update deferral policies to cause scans against Windows Update. If this policy is disabled or not configured, then the Windows Update client may initiate automatic scans against Windows Update while update deferral policies are enabled. @@ -1605,7 +1633,7 @@ Note: This policy applies only when the intranet Microsoft update service this c | Name | Value | |:--|:--| -| Name | DisableDualScan_Title | +| Name | DisableDualScan | | Friendly Name | Do not allow update deferral policies to cause scans against Windows Update | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Legacy Policies | @@ -1626,7 +1654,7 @@ Note: This policy applies only when the intranet Microsoft update service this c | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [17763.1490] and later
:heavy_check_mark: Unknown [18362.1110] and later
:heavy_check_mark: Unknown [18363.1110] and later
:heavy_check_mark: Unknown [19041.546] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763.1490] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1110] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363.1110] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.546] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -1636,7 +1664,8 @@ Note: This policy applies only when the intranet Microsoft update service this c - + +This policy setting specifies that a Windows Update for Business device should skip safeguards. @@ -1684,6 +1713,7 @@ Note: This policy applies only when the intranet Microsoft update service this c + Do not enforce TLS certificate pinning for Windows Update client for detecting updates. 
@@ -1748,6 +1778,7 @@ Do not enforce TLS certificate pinning for Windows Update client for detecting u + For Quality Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks. **Note**: If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule are not set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period. Value type is integer. Default is 14. Supported value range: 2 - 30. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e. g. pending user scheduling). If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect:No auto-restart with logged on users for scheduled automatic updates installationsAlways automatically restart at scheduled timeSpecify deadline before auto-restart for update installation @@ -1771,7 +1802,7 @@ For Quality Updates, this policy specifies the deadline in days before automatic | Name | Value | |:--|:--| -| Name | EngagedRestartTransitionSchedule_Title | +| Name | EngagedRestartTransitionSchedule | | Friendly Name | Specify Engaged restart transition and notification schedule for updates | | Element Name | Deadline (days) | | Location | Computer Configuration | 
@@ -1802,6 +1833,7 @@ For Quality Updates, this policy specifies the deadline in days before automatic + For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. Value type is integer. Default is 14. Supported value range: 2 - 30. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (e. g. pending user scheduling). If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect:No auto-restart with logged on users for scheduled automatic updates installationsAlways automatically restart at scheduled timeSpecify deadline before auto-restart for update installation @@ -1825,7 +1857,7 @@ For Feature Updates, this policy specifies the deadline in days before automatic | Name | Value | |:--|:--| -| Name | EngagedRestartTransitionSchedule_Title | +| Name | EngagedRestartTransitionSchedule | | Friendly Name | Specify Engaged restart transition and notification schedule for updates | | Element Name | Deadline (days) | | Location | Computer Configuration | 
@@ -1856,6 +1888,7 @@ For Feature Updates, this policy specifies the deadline in days before automatic + For Quality Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days. Value type is integer. Default is 3 days. Supported value range: 1 - 3. If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect:No auto-restart with logged on users for scheduled automatic updates installationsAlways automatically restart at scheduled timeSpecify deadline before auto-restart for update installation @@ -1879,7 +1912,7 @@ For Quality Updates, this policy specifies the number of days a user can snooze | Name | Value | |:--|:--| -| Name | EngagedRestartTransitionSchedule_Title | +| Name | EngagedRestartTransitionSchedule | | Friendly Name | Specify Engaged restart transition and notification schedule for updates | | Element Name | Snooze (days) | | Location | Computer Configuration | @@ -1910,6 +1943,7 @@ For Quality Updates, this policy specifies the number of days a user can snooze + For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days. Value type is integer. Default is 3 days. Supported value range: 1 - 3. If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect:No auto-restart with logged on users for scheduled automatic updates installationsAlways automatically restart at scheduled timeSpecify deadline before auto-restart for update installation 
@@ -1933,7 +1967,7 @@ For Feature Updates, this policy specifies the number of days a user can snooze | Name | Value | |:--|:--| -| Name | EngagedRestartTransitionSchedule_Title | +| Name | EngagedRestartTransitionSchedule | | Friendly Name | Specify Engaged restart transition and notification schedule for updates | | Element Name | Snooze (days) | | Location | Computer Configuration | @@ -1964,6 +1998,7 @@ For Feature Updates, this policy specifies the number of days a user can snooze + Enable this policy to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 0 and 30 days from the time the restart becomes pending. You can specify the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days. @@ -2000,7 +2035,7 @@ Enabling any of the following policies will override the above policy: | Name | Value | |:--|:--| -| Name | EngagedRestartTransitionSchedule_Title | +| Name | EngagedRestartTransitionSchedule | | Friendly Name | Specify Engaged restart transition and notification schedule for updates | | Element Name | Transition (days) | | Location | Computer Configuration | 
@@ -2031,6 +2066,7 @@ Enabling any of the following policies will override the above policy: + For Feature Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. Value type is integer. Default value is 7 days. Supported value range: 2 - 30. If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this policy has no effect:No auto-restart with logged on users for scheduled automatic updates installationsAlways automatically restart at scheduled timeSpecify deadline before auto-restart for update installation @@ -2054,7 +2090,7 @@ For Feature Updates, this policy specifies the timing before transitioning from | Name | Value | |:--|:--| -| Name | EngagedRestartTransitionSchedule_Title | +| Name | EngagedRestartTransitionSchedule | | Friendly Name | Specify Engaged restart transition and notification schedule for updates | | Element Name | Transition (days) | | Location | Computer Configuration | @@ -2085,6 +2121,7 @@ For Feature Updates, this policy specifies the timing before transitioning from + Enable this policy to not include drivers with Windows quality updates. If you disable or do not configure this policy, Windows Update will include updates that have a Driver classification. @@ -2118,7 +2155,7 @@ If you disable or do not configure this policy, Windows Update will include upda | Name | Value | |:--|:--| -| Name | ExcludeWUDriversInQualityUpdate_Title | +| Name | ExcludeWUDriversInQualityUpdate | | Friendly Name | Do not include drivers with Windows Updates | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage updates offered from Windows Update | 
@@ -2149,6 +2186,7 @@ If you disable or do not configure this policy, Windows Update will include upda + Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL). **Note**: This setting should only be used in combination with an alternate download URL and configured to use ISV file cache. This setting is used when the intranet update service does not provide download URLs in the update metadata for files which are available on the alternate download server. @@ -2211,6 +2249,7 @@ Allows Windows Update Agent to determine the download URL when it is missing fro + Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. **Warning**: Setting this policy might cause devices to incur costs from MO operators. @@ -2267,6 +2306,7 @@ To validate this policy: + Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. **Warning**: Setting this policy might cause devices to incur costs from MO operators. @@ -2323,6 +2363,7 @@ To validate this policy: + Used to manage Windows 10 Insider Preview builds. Value type is integer. @@ -2356,7 +2397,7 @@ Used to manage Windows 10 Insider Preview builds. Value type is integer. | Name | Value | |:--|:--| -| Name | ManagePreviewBuilds_Title | +| Name | ManagePreviewBuilds | | Friendly Name | Manage preview builds | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage updates offered from Windows Update | 
@@ -2386,6 +2427,7 @@ Used to manage Windows 10 Insider Preview builds. Value type is integer. + When enabled, notifications will only be disabled during active hours. Takes effect only if Update/UpdateNotificationLevel is configured to 1 or 2. To ensure that the device stays secure, a notification will still be shown if this option is selected once “Specify deadlines for automatic updates and restarts” deadline has been reached if configured, regardless of active hours. @@ -2446,7 +2488,8 @@ When enabled, notifications will only be disabled during active hours. Takes eff -**Note**: Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in Changes in Windows 10, version 1607 for update management. You can continue to use PauseDeferrals for Windows 10, version 1511 devices. Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks. If the Specify intranet Microsoft update service location policy is enabled, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. If the Allow Telemetry policy is enabled and the Options value is set to 0, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. + +NoteDon't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in Changes in Windows 10, version 1607 for update management. You can continue to use PauseDeferrals for Windows 10, version 1511 devices. Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks. If the Specify intranet Microsoft update service location policy is enabled, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. If the Allow Telemetry policy is enabled and the Options value is set to 0, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. 
@@ -2504,7 +2547,8 @@ When enabled, notifications will only be disabled during active hours. Takes eff -Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Allows IT Admins to pause Feature Updates for up to 60 days. + +Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Allows IT Admins to pause Feature Updates for up to 60 days. @@ -2537,7 +2581,7 @@ Since this policy is not blocked, you will not get a failure message when you us | Name | Value | |:--|:--| -| Name | DeferFeatureUpdates_Title | +| Name | DeferFeatureUpdates | | Friendly Name | Select when Preview Builds and Feature Updates are received | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage updates offered from Windows Update | @@ -2567,6 +2611,7 @@ Since this policy is not blocked, you will not get a failure message when you us + Specifies the date and time when the IT admin wants to start pausing the Feature Updates. Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace. @@ -2588,7 +2633,7 @@ Specifies the date and time when the IT admin wants to start pausing the Feature | Name | Value | |:--|:--| -| Name | DeferFeatureUpdates_Title | +| Name | DeferFeatureUpdates | | Friendly Name | Select when Preview Builds and Feature Updates are received | | Element Name | Pause Preview Builds or Feature Updates starting | | Location | Computer Configuration | @@ -2619,6 +2664,7 @@ Specifies the date and time when the IT admin wants to start pausing the Feature + Allows IT Admins to pause Quality Updates. 
@@ -2652,7 +2698,7 @@ Allows IT Admins to pause Quality Updates. | Name | Value | |:--|:--| -| Name | DeferQualityUpdates_Title | +| Name | DeferQualityUpdates | | Friendly Name | Select when Quality Updates are received | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage updates offered from Windows Update | @@ -2682,6 +2728,7 @@ Allows IT Admins to pause Quality Updates. + Specifies the date and time when the IT admin wants to start pausing the Quality Updates. Value type is string (yyyy-mm-dd, ex. 2018-10-28). Supported operations are Add, Get, Delete, and Replace. @@ -2705,7 +2752,7 @@ Specifies the date and time when the IT admin wants to start pausing the Quality | Name | Value | |:--|:--| -| Name | DeferQualityUpdates_Title | +| Name | DeferQualityUpdates | | Friendly Name | Select when Quality Updates are received | | Element Name | Pause Quality Updates starting | | Location | Computer Configuration | @@ -2736,6 +2783,7 @@ Specifies the date and time when the IT admin wants to start pausing the Quality + This policy is deprecated. Use Update/RequireUpdateApproval instead. @@ -2766,7 +2814,7 @@ This policy is deprecated. Use Update/RequireUpdateApproval instead. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -2776,6 +2824,7 @@ This policy is deprecated. Use Update/RequireUpdateApproval instead. + Enables IT administrators to specify the product version associated with the target feature update they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy. For details about different Windows 10 versions, see Windows release information. @@ -2831,7 +2880,8 @@ Supported value type is a string containing a Windows product. For example, "Win -**Note**: Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in Changes in Windows 10, version 1607 for update management. You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. Allows the IT admin to set a device to Semi-Annual Channel train. + +NoteDon't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in Changes in Windows 10, version 1607 for update management. You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. Allows the IT admin to set a device to Semi-Annual Channel train. 
@@ -2889,7 +2939,8 @@ Supported value type is a string containing a Windows product. For example, "Win -**Note**: If you previously used the Update/PhoneUpdateRestrictions policy in previous versions of Windows, it has been deprecated. Please use this policy instead. Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved. Supported operations are Get and Replace. + +Note If you previously used the Update/PhoneUpdateRestrictions policy in previous versions of Windows, it has been deprecated. Please use this policy instead. Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved. Supported operations are Get and Replace. @@ -2937,6 +2988,7 @@ Supported value type is a string containing a Windows product. For example, "Win + Enables the IT admin to schedule the day of the update installation. The data type is a integer. Supported operations are Add, Delete, Get, and Replace. @@ -3007,6 +3059,7 @@ Enables the IT admin to schedule the day of the update installation. The data ty + Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values:0 - no update in the schedule1 - update is scheduled every week @@ -3071,6 +3124,7 @@ Enables the IT admin to schedule the update installation on the every week. Valu + Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:0 - no update in the schedule1 - update is scheduled every first week of the month 
@@ -3135,6 +3189,7 @@ Enables the IT admin to schedule the update installation on the first week of th + Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:0 - no update in the schedule1 - update is scheduled every fourth week of the month @@ -3199,6 +3254,7 @@ Enables the IT admin to schedule the update installation on the fourth week of t + Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:0 - no update in the schedule1 - update is scheduled every second week of the month @@ -3263,6 +3319,7 @@ Enables the IT admin to schedule the update installation on the second week of t + Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:0 - no update in the schedule1 - update is scheduled every third week of the month @@ -3327,7 +3384,8 @@ Enables the IT admin to schedule the update installation on the third week of th -**Note**: This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile EnterpriseEnables the IT admin to schedule the time of the update installation. The data type is a integer. Supported operations are Add, Delete, Get, and Replace. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3. + +Note This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile EnterpriseEnables the IT admin to schedule the time of the update installation. The data type is a integer. Supported operations are Add, Delete, Get, and Replace. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3. 
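Review bot: In the @@ -3327,7 +3384,8 @@ hunk, the added line carries over two defects from the line it replaces: "Windows 10 Mobile EnterpriseEnables the IT admin" runs the availability note into the description with no period or break, and "The data type is a integer" should read "an integer". Since the line is being rewritten anyway, end the note after "Windows 10 Mobile Enterprise." and start the description as its own sentence or paragraph.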
@@ -3385,6 +3443,7 @@ Enables the IT admin to schedule the update installation on the third week of th + Allows the IT Admin to specify the period for auto-restart imminent warning notifications. The default value is 15 (minutes). @@ -3417,7 +3476,7 @@ Allows the IT Admin to specify the period for auto-restart imminent warning noti | Name | Value | |:--|:--| -| Name | RestartWarningSchd_Title | +| Name | RestartWarnRemind | | Friendly Name | Configure auto-restart warning notifications schedule for updates | | Element Name | Warning (mins) | | Location | Computer Configuration | @@ -3448,6 +3507,7 @@ Allows the IT Admin to specify the period for auto-restart imminent warning noti + Enable this policy to control when notifications are displayed to warn users about a scheduled restart for the update installation deadline. Users are not able to postpone the scheduled restart once the deadline has been reached and the restart is automatically executed. Specifies the amount of time prior to a scheduled restart to display the warning reminder to the user. @@ -3488,7 +3548,7 @@ If you disable or do not configure this policy, the default notification behavio | Name | Value | |:--|:--| -| Name | RestartWarningSchd_Title | +| Name | RestartWarnRemind | | Friendly Name | Configure auto-restart warning notifications schedule for updates | | Element Name | Reminder (hours) | | Location | Computer Configuration | @@ -3519,6 +3579,7 @@ If you disable or do not configure this policy, the default notification behavio + Allows the IT Admin to disable auto-restart notifications for update installations. 
@@ -3550,7 +3611,7 @@ Allows the IT Admin to disable auto-restart notifications for update installatio | Name | Value | |:--|:--| -| Name | AutoRestartNotificationDisable_Title | +| Name | AutoRestartNotificationDisable | | Friendly Name | Turn off auto-restart notifications for update installations | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Legacy Policies | @@ -3580,7 +3641,10 @@ Allows the IT Admin to disable auto-restart notifications for update installatio -This policy allows the IT admin to disable the Pause Updates feature. When this policy is enabled, the user cannot access the Pause updates feature. Value type is integer. Default is 0. Supported values 0, 1. + +This setting allows to remove access to "Pause updates" feature. + +Once enabled user access to pause updates is removed. @@ -3611,8 +3675,13 @@ This policy allows the IT admin to disable the Pause Updates feature. When this | Name | Value | |:--|:--| -| Name | SetDisablePauseUXAccess | -| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat | +| Name | DisablePauseUXAccess | +| Friendly Name | Remove access to "Pause updates" feature | +| Location | Computer Configuration | +| Path | Windows Components > Windows Update > Manage end user experience | +| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | +| Registry Value Name | SetDisablePauseUXAccess | +| ADMX File Name | WindowsUpdate.admx | @@ -3637,7 +3706,10 @@ This policy allows the IT admin to disable the Pause Updates feature. When this -This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user cannot access the Windows Update scan, download, and install features. Value type is integer. Default is 0. Supported values 0, 1. + +This setting allows you to remove access to scan Windows Update. + +If you enable this setting user access to Windows Update scan, download and install is removed. 
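Review bot: In the @@ -3637,7 +3706,10 @@ hunk, the new description drops "Value type is integer. Default is 0. Supported values 0, 1." from the removed line, and nothing visible in the hunk shows where those values are now stated; the @@ -3580,7 +3641,10 @@ hunk earlier in this block does the same for the Pause updates policy. Confirm that the format, default and allowed values still appear in each policy's property tables, and keep the sentence if they do not. The wording also needs a pass: "This setting allows to remove access" is missing its object (the sibling text uses "allows you to remove access"), and "Once enabled user access" and "If you enable this setting user access" each need a comma after the introductory clause.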
@@ -3668,8 +3740,13 @@ This policy allows the IT admin to remove access to scan Windows Update. When th | Name | Value | |:--|:--| -| Name | SetDisableUXWUAccess | -| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat | +| Name | DisableUXWUAccess | +| Friendly Name | Remove access to use all Windows Update features | +| Location | Computer Configuration | +| Path | Windows Components > Windows Update > Manage end user experience | +| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | +| Registry Value Name | SetDisableUXWUAccess | +| ADMX File Name | WindowsUpdate.admx | @@ -3694,6 +3771,7 @@ This policy allows the IT admin to remove access to scan Windows Update. When th + Enabling this policy for EDU devices that remain on Carts overnight will skip power checks to ensure update reboots will happen at the scheduled install time. @@ -3725,7 +3803,7 @@ Enabling this policy for EDU devices that remain on Carts overnight will skip po | Name | Value | |:--|:--| -| Name | SetEDURestart_Title | +| Name | SetEDURestart | | Friendly Name | Update Power Policy for Cart Restarts | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage end user experience | @@ -3756,7 +3834,7 @@ Enabling this policy for EDU devices that remain on Carts overnight will skip po - + @@ -3817,7 +3895,7 @@ Enabling this policy for EDU devices that remain on Carts overnight will skip po - + @@ -3878,7 +3956,7 @@ Enabling this policy for EDU devices that remain on Carts overnight will skip po - + @@ -3939,7 +4017,7 @@ Enabling this policy for EDU devices that remain on Carts overnight will skip po - + @@ -4000,6 +4078,7 @@ Enabling this policy for EDU devices that remain on Carts overnight will skip po + Select the proxy behavior for Windows Update client for detecting updates 
@@ -4068,6 +4147,7 @@ This policy setting doesn't impact those customers who have, per Microsoft recom + Available in Windows 10, version 1803 and later. Enables IT administrators to specify which version they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy. For details about different Windows 10 versions, see Windows 10 release information. @@ -4089,7 +4169,7 @@ Available in Windows 10, version 1803 and later. Enables IT administrators to sp | Name | Value | |:--|:--| -| Name | TargetReleaseVersion_Title | +| Name | TargetReleaseVersion | | Friendly Name | Select the target Feature Update version | | Element Name | Target Version for Feature Updates | | Location | Computer Configuration | @@ -4120,6 +4200,7 @@ Available in Windows 10, version 1803 and later. Enables IT administrators to sp + 0 (default) – Use the default Windows Update notifications 1 – Turn off all notifications, excluding restart warnings 2 – Turn off all notifications, including restart warnings @@ -4160,7 +4241,7 @@ If you select “Apply only during active hours” in conjunction with Option 1 | Name | Value | |:--|:--| -| Name | UpdateNotificationLevel_Title | +| Name | UpdateNotificationLevel | | Friendly Name | Display options for update notifications | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage end user experience | 
@@ -4191,7 +4272,8 @@ If you select “Apply only during active hours” in conjunction with Option 1 -**Important**: Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enterprise and IoT Mobile. Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet. Supported operations are Get and Replace. + +ImportantStarting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enterprise and IoT Mobile. Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet. Supported operations are Get and Replace. 
@@ -4244,6 +4326,7 @@ If you select “Apply only during active hours” in conjunction with Option 1 + Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server. Value type is string and the default value is an empty string, . If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. **Note**: If the Configure Automatic Updates Group Policy is disabled, then this policy has no effect. If the Alternate Download Server Group Policy is not set, it will use the WSUS server by default to download updates. This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs. diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 106c5f63e4..9aace46fee 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md 
@@ -1,1254 +1,1554 @@ --- -title: Policy CSP - WindowsDefenderSecurityCenter -description: Learn how to use the Policy CSP - WindowsDefenderSecurityCenter setting to display the Account protection area in Windows Defender Security Center. +title: WindowsDefenderSecurityCenter Policy CSP +description: Learn more about the WindowsDefenderSecurityCenter Area in Policy CSP +author: vinaypamnani-msft +manager: aaroncz ms.author: vinpa -ms.topic: article +ms.date: 12/07/2022 +ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage -author: vinaypamnani-msft -ms.localizationpriority: medium -ms.date: 09/27/2019 -ms.reviewer: -manager: aaroncz +ms.topic: reference --- + + + # Policy CSP - WindowsDefenderSecurityCenter -
+ + + - + +## CompanyName -## WindowsDefenderSecurityCenter policies + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + -
-
- WindowsDefenderSecurityCenter/CompanyName -
-
- WindowsDefenderSecurityCenter/DisableAccountProtectionUI -
-
- WindowsDefenderSecurityCenter/DisableAppBrowserUI -
-
- WindowsDefenderSecurityCenter/DisableClearTpmButton -
-
- WindowsDefenderSecurityCenter/DisableDeviceSecurityUI -
-
- WindowsDefenderSecurityCenter/DisableEnhancedNotifications -
-
- WindowsDefenderSecurityCenter/DisableFamilyUI -
-
- WindowsDefenderSecurityCenter/DisableHealthUI -
-
- WindowsDefenderSecurityCenter/DisableNetworkUI -
-
- WindowsDefenderSecurityCenter/DisableNotifications -
-
- WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning -
-
- WindowsDefenderSecurityCenter/DisableVirusUI -
-
- WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride -
-
- WindowsDefenderSecurityCenter/Email -
-
- WindowsDefenderSecurityCenter/EnableCustomizedToasts -
-
- WindowsDefenderSecurityCenter/EnableInAppCustomization -
-
- WindowsDefenderSecurityCenter/HideRansomwareDataRecovery -
-
- WindowsDefenderSecurityCenter/HideSecureBoot -
-
- WindowsDefenderSecurityCenter/HideTPMTroubleshooting -
-
- WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl -
-
- WindowsDefenderSecurityCenter/Phone -
-
- WindowsDefenderSecurityCenter/URL -
-
+ +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/CompanyName +``` + -
+ + +The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display the contact options. Value type is string. Supported operations are Add, Get, Replace and Delete. + - -**WindowsDefenderSecurityCenter/CompanyName** + + + - -The table below shows the applicability of Windows: + +**Description framework properties**: -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + - -
+ +**Group policy mapping**: - -[Scope](./policy-configuration-service-provider.md#policy-scope): +| Name | Value | +|:--|:--| +| Name | EnterpriseCustomization_CompanyName | +| Friendly Name | Specify contact company name | +| Element Name | Company name | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Enterprise Customization | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + -> [!div class = "checklist"] -> * Device + + + -
+ - - -The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display the contact options. + +## DisableAccountProtectionUI -- Supported value type is string. -- Supported operations are Add, Get, Replace and Delete. + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | + - - + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisableAccountProtectionUI +``` + -ADMX Info: -- GP Friendly name: *Specify contact company name* -- GP name: *EnterpriseCustomization_CompanyName* -- GP element: *Presentation_EnterpriseCustomization_CompanyName* -- GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* + + +Hide the Account protection area in Windows Security. - - +Enabled: +The Account protection area will be hidden. -
+Disabled: +The Account protection area will be shown. - -**WindowsDefenderSecurityCenter/DisableAccountProtectionUI** +Not configured: +Same as Disabled. + - -The table below shows the applicability of Windows: + + + -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + +**Description framework properties**: - -
+| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +**Allowed values**: -> [!div class = "checklist"] -> * Device +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable) The users can see the display of the Account protection area in Windows Defender Security Center. | +| 1 | (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center. | + -
+ +**Group policy mapping**: - - -Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. +| Name | Value | +|:--|:--| +| Name | AccountProtection_UILockdown | +| Friendly Name | Hide the Account protection area | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Account protection | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Account protection | +| Registry Value Name | UILockdown | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + - - -ADMX Info: -- GP Friendly name: *Hide the Account protection area* -- GP name: *AccountProtection_UILockdown* -- GP path: *Windows Components/Windows Defender Security Center/Account protection* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* + + + - - -Valid values: + -- 0 - (Disable) The users can see the display of the Account protection area in Windows Defender Security Center. -- 1 - (Enable) The users can't see the display of the Account protection area in Windows Defender Security Center. + +## DisableAppBrowserUI - - + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + -
+ +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisableAppBrowserUI +``` + - -**WindowsDefenderSecurityCenter/DisableAppBrowserUI** + + +Hide the App and browser protection area in Windows Security. - -The table below shows the applicability of Windows: +Enabled: +The App and browser protection area will be hidden. -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| +Disabled: +The App and browser protection area will be shown. - -
+Not configured: +Same as Disabled. + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + + + -> [!div class = "checklist"] -> * Device + +**Description framework properties**: -
+| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - - -Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. + +**Allowed values**: -- Supported value type is integer. -- Supported operations are Add, Get, Replace and Delete. +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable) The users can see the display of the app and browser protection area in Windows Defender Security Center. | +| 1 | (Enable) The users cannot see the display of the app and browser protection area in Windows Defender Security Center. | + - - -ADMX Info: -- GP Friendly name: *Hide the App and browser protection area* -- GP name: *AppBrowserProtection_UILockdown* -- GP path: *Windows Components/Windows Defender Security Center/App and browser protection* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* + +**Group policy mapping**: - - -The following list shows the supported values: +| Name | Value | +|:--|:--| +| Name | AppBrowserProtection_UILockdown | +| Friendly Name | Hide the App and browser protection area | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > App and browser protection | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection | +| Registry Value Name | UILockdown | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + -- 0 - (Disable) The users can see the display of the app and browser protection area in Windows Defender Security Center. -- 1 - (Enable) The users can't see the display of the app and browser protection area in Windows Defender Security Center. + + + - - + -
+ +## DisableClearTpmButton - -**WindowsDefenderSecurityCenter/DisableClearTpmButton** + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | + - -The table below shows the applicability of Windows: + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisableClearTpmButton +``` + -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - + + Disable the Clear TPM button in Windows Security. -- Enabled: The Clear TPM button will be unavailable for use. -- Disabled: The Clear TPM button will be available for use on supported systems. -- Not configured: Same as Disabled. - -Supported values: - -- 0 - Disabled (default) -- 1 - Enabled - - - -ADMX Info: -- GP Friendly name: *Disable the Clear TPM button* -- GP name: *DeviceSecurity_DisableClearTpmButton* -- GP path: *Windows Components/Windows Security/Device security* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - - - - - - - - - - - -
- - -**WindowsDefenderSecurityCenter/DisableDeviceSecurityUI** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. - - - -ADMX Info: -- GP Friendly name: *Hide the Device security area* -- GP name: *DeviceSecurity_UILockdown* -- GP path: *Windows Components/Windows Defender Security Center/Device security* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - -Valid values: - -- 0 - (Disable) The users can see the display of the Device security area in Windows Defender Security Center. -- 1 - (Enable) The users can't see the display of the Device security area in Windows Defender Security Center. - - - - -
- - -**WindowsDefenderSecurityCenter/DisableEnhancedNotifications** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Use this policy if you want Windows Defender Security Center to only display notifications that are considered critical. If you disable or don't configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users. - -> [!NOTE] -> If Suppress notification is enabled then users won't see critical or non-critical messages. - -- Supported value type is integer. -- Supported operations are Add, Get, Replace and Delete. - - - -ADMX Info: -- GP Friendly name: *Hide non-critical notifications* -- GP name: *Notifications_DisableEnhancedNotifications* -- GP path: *Windows Components/Windows Defender Security Center/Notifications* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - -The following list shows the supported values: - -- 0 - (Disable) Windows Defender Security Center will display critical and non-critical notifications to users. -- 1 - (Enable) Windows Defender Security Center only display notifications that are considered critical on clients. - - - - -
- - -**WindowsDefenderSecurityCenter/DisableFamilyUI** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. - -- Supported value type is integer. -- Supported operations are Add, Get, Replace and Delete. - - - -ADMX Info: -- GP Friendly name: *Hide the Family options area* -- GP name: *FamilyOptions_UILockdown* -- GP path: *Windows Components/Windows Defender Security Center/Family options* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - -The following list shows the supported values: - -- 0 - (Disable) The users can see the display of the family options area in Windows Defender Security Center. -- 1 - (Enable) The users can't see the display of the family options area in Windows Defender Security Center. - - - - -
- - -**WindowsDefenderSecurityCenter/DisableHealthUI** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. - -- Supported value type is integer. -- Supported operations are Add, Get, Replace and Delete. - - - -ADMX Info: -- GP Friendly name: *Hide the Device performance and health area* -- GP name: *DevicePerformanceHealth_UILockdown* -- GP path: *Windows Components/Windows Defender Security Center/Device performance and health* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - -The following list shows the supported values: - -- 0 - (Disable) The users can see the display of the device performance and health area in Windows Defender Security Center. -- 1 - (Enable) The users can't see the display of the device performance and health area in Windows Defender Security Center. - - - - -
- - -**WindowsDefenderSecurityCenter/DisableNetworkUI** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. - -- Supported value type is integer. -- Supported operations are Add, Get, Replace and Delete. - - - -ADMX Info: -- GP Friendly name: *Hide the Firewall and network protection area* -- GP name: *FirewallNetworkProtection_UILockdown* -- GP path: *Windows Components/Windows Defender Security Center/Firewall and network protection* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - -The following list shows the supported values: - -- 0 - (Disable) The users can see the display of the firewall and network protection area in Windows Defender Security Center. -- 1 - (Enable) The users can't see the display of the firewall and network protection area in Windows Defender Security Center. - - - - -
- - -**WindowsDefenderSecurityCenter/DisableNotifications** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or don't configure this setting, Windows Defender Security Center notifications will display on devices. - -- Supported value type is integer. -- Supported operations are Add, Get, Replace and Delete. - - - -ADMX Info: -- GP Friendly name: *Hide all notifications* -- GP name: *Notifications_DisableNotifications* -- GP path: *Windows Components/Windows Defender Security Center/Notifications* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - -The following list shows the supported values: - -- 0 - (Disable) The users can see the display of Windows Defender Security Center notifications. -- 1 - (Enable) The users can't see the display of Windows Defender Security Center notifications. - - - - -
- - -**WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - +Enabled: +The Clear TPM button will be unavailable for use. + +Disabled: +The Clear TPM button will be available for use. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disabled or not configured) The security processor troubleshooting page shows a button that initiates the process to clear the security processor (TPM). | +| 1 | (Enabled) The security processor troubleshooting page will not show a button to initiate the process to clear the security processor (TPM) | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DeviceSecurity_DisableClearTpmButton | +| Friendly Name | Disable the Clear TPM button | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Device security | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security | +| Registry Value Name | DisableClearTpmButton | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## DisableDeviceSecurityUI + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisableDeviceSecurityUI +``` + + + + +Hide the Device security area in Windows Security. + +Enabled: +The Device security area will be hidden. + +Disabled: +The Device security area will be shown. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable) The users can see the display of the Device security area in Windows Defender Security Center. | +| 1 | (Enable) The users cannot see the display of the Device security area in Windows Defender Security Center. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DeviceSecurity_UILockdown | +| Friendly Name | Hide the Device security area | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Device security | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security | +| Registry Value Name | UILockdown | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## DisableEnhancedNotifications + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisableEnhancedNotifications +``` + + + + +Only show critical notifications from Windows Security. + +If the Suppress all notifications GP setting has been enabled, this setting will have no effect. + +Enabled: +Local users will only see critical notifications from Windows Security. They will not see other types of notifications, such as regular PC or device health information. + +Disabled: +Local users will see all types of notifications from Windows Security. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable) Windows Defender Security Center will display critical and non-critical notifications to users.. | +| 1 | (Enable) Windows Defender Security Center only display notifications which are considered critical on clients. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | Notifications_DisableEnhancedNotifications | +| Friendly Name | Hide non-critical notifications | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Notifications | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | +| Registry Value Name | DisableEnhancedNotifications | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## DisableFamilyUI + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisableFamilyUI +``` + + + + +Hide the Family options area in Windows Security. + +Enabled: +The Family options area will be hidden. + +Disabled: +The Family options area will be shown. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable) The users can see the display of the family options area in Windows Defender Security Center. | +| 1 | (Enable) The users cannot see the display of the family options area in Windows Defender Security Center. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | FamilyOptions_UILockdown | +| Friendly Name | Hide the Family options area | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Family options | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Family options | +| Registry Value Name | UILockdown | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## DisableHealthUI + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisableHealthUI +``` + + + + +Hide the Device performance and health area in Windows Security. + +Enabled: +The Device performance and health area will be hidden. + +Disabled: +The Device performance and health area will be shown. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable) The users can see the display of the device performance and health area in Windows Defender Security Center. | +| 1 | (Enable) The users cannot see the display of the device performance and health area in Windows Defender Security Center. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DevicePerformanceHealth_UILockdown | +| Friendly Name | Hide the Device performance and health area | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Device performance and health | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device performance and health | +| Registry Value Name | UILockdown | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## DisableNetworkUI + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisableNetworkUI +``` + + + + +Hide the Firewall and network protection area in Windows Security. + +Enabled: +The Firewall and network protection area will be hidden. + +Disabled: +The Firewall and network protection area will be shown. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable) The users can see the display of the firewall and network protection area in Windows Defender Security Center. | +| 1 | (Enable) The users cannot see the display of the firewall and network protection area in Windows Defender Security Center. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | FirewallNetworkProtection_UILockdown | +| Friendly Name | Hide the Firewall and network protection area | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Firewall and network protection | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Firewall and network protection | +| Registry Value Name | UILockdown | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## DisableNotifications + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisableNotifications +``` + + + + +Hide notifications from Windows Security. + +Enabled: +Local users will not see notifications from Windows Security. + +Disabled: +Local users can see notifications from Windows Security. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable) The users can see the display of Windows Defender Security Center notifications. | +| 1 | (Enable) The users cannot see the display of Windows Defender Security Center notifications. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | Notifications_DisableNotifications | +| Friendly Name | Hide all notifications | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Notifications | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | +| Registry Value Name | DisableNotifications | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## DisableTpmFirmwareUpdateWarning + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning +``` + + + + Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected. -- Enabled: Users won't be shown a recommendation to update their TPM Firmware. -- Disabled: Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware. -- Not configured: Same as Disabled. - -Supported values: - -- 0 - Disabled (default) -- 1 - Enabled - - - -ADMX Info: -- GP Friendly name: *Hide the TPM Firmware Update recommendation.* -- GP name: *DeviceSecurity_DisableTpmFirmwareUpdateWarning* -- GP path: *Windows Components/Windows Security/Device security* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - - - - - - - - - - - -
- - -**WindowsDefenderSecurityCenter/DisableVirusUI** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. - -- Supported value type is integer. -- Supported operations are Add, Get, Replace and Delete. - - - -ADMX Info: -- GP Friendly name: *Hide the Virus and threat protection area* -- GP name: *VirusThreatProtection_UILockdown* -- GP path: *Windows Components/Windows Defender Security Center/Virus and threat protection* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - -The following list shows the supported values: - -- 0 - (Disable) The users can see the display of the virus and threat protection area in Windows Defender Security Center. -- 1 - (Enable) The users can't see the display of the virus and threat protection area in Windows Defender Security Center. - - - - -
- - -**WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or don't configure this setting, local users can make changes in the exploit protection settings area. - -- Supported value type is integer. -- Supported operations are Add, Get, Replace and Delete. - - - -ADMX Info: -- GP Friendly name: *Prevent users from modifying settings* -- GP name: *AppBrowserProtection_DisallowExploitProtectionOverride* -- GP path: *Windows Components/Windows Defender Security Center/App and browser protection* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - -The following list shows the supported values: - -- 0 - (Disable) Local users are allowed to make changes in the exploit protection settings area. -- 1 - (Enable) Local users can't make changes in the exploit protection settings area. - - - - -
- - -**WindowsDefenderSecurityCenter/Email** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -The email address that is displayed to users. The default mail application is used to initiate email actions. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options. - -- Supported value type is string. -- Supported operations are Add, Get, Replace and Delete. - - - -ADMX Info: -- GP Friendly name: *Specify contact email address or Email ID* -- GP name: *EnterpriseCustomization_Email* -- GP element: *Presentation_EnterpriseCustomization_Email* -- GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - - -
- - -**WindowsDefenderSecurityCenter/EnableCustomizedToasts** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Enable this policy to display your company name and contact options in the notifications. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text. - -- Supported value type is integer. -- Supported operations are Add, Get, Replace, and Delete. - - - -ADMX Info: -- GP Friendly name: *Configure customized notifications* -- GP name: *EnterpriseCustomization_EnableCustomizedToasts* -- GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - -The following list shows the supported values: - -- 0 - (Disable) Notifications contain a default notification text. -- 1 - (Enable) Notifications contain the company name and contact options. - - - - -
- - -**WindowsDefenderSecurityCenter/EnableInAppCustomization** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center won't display the contact card fly out notification. - -- Support value type is integer. -- Supported operations are Add, Get, Replace, and Delete. - - - -ADMX Info: -- GP Friendly name: *Configure customized contact information* -- GP name: *EnterpriseCustomization_EnableInAppCustomization* -- GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - -The following list shows the supported values: - -- 0 - (Disable) Don't display the company name and contact options in the card fly out notification. -- 1 - (Enable) Display the company name and contact options in the card fly out notification. - - - - -
- - -**WindowsDefenderSecurityCenter/HideRansomwareDataRecovery** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center. - - - -ADMX Info: -- GP Friendly name: *Hide the Ransomware data recovery area* -- GP name: *VirusThreatProtection_HideRansomwareRecovery* -- GP path: *Windows Components/Windows Defender Security Center/Virus and threat protection* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - -Valid values: - -- 0 - (Disable or not configured) The Ransomware data recovery area will be visible. -- 1 - (Enable) The Ransomware data recovery area is hidden. - - - - -
- - -**WindowsDefenderSecurityCenter/HideSecureBoot** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Use this policy to hide the Secure boot area in the Windows Defender Security Center. - - - -ADMX Info: -- GP Friendly name: *Hide the Secure boot area* -- GP name: *DeviceSecurity_HideSecureBoot* -- GP path: *Windows Components/Windows Defender Security Center/Device security* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - -Valid values: - -- 0 - (Disable or not configured) The Secure boot area is displayed. -- 1 - (Enable) The Secure boot area is hidden. - - - - -
- - -**WindowsDefenderSecurityCenter/HideTPMTroubleshooting** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Use this policy to hide the Security processor (TPM) troubleshooting area in the Windows Defender Security Center. - - - -ADMX Info: -- GP Friendly name: *Hide the Security processor (TPM) troubleshooter page* -- GP name: *DeviceSecurity_HideTPMTroubleshooting* -- GP path: *Windows Components/Windows Defender Security Center/Device security* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* - - - -Valid values: - -- 0 - (Disable or not configured) The Security processor (TPM) troubleshooting area is displayed. -- 1 - (Enable) The Security processor (TPM) troubleshooting area is hidden. - - - - -
- - -**WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - +Enabled: +Users will not be shown a recommendation to update their TPM Firmware. + +Disabled: +Users will see a recommendation to update their TPM Firmware if Windows Security detects the system contains a TPM with vulnerable firmware. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable or Not configured) A warning will be displayed if the firmware of the security processor (TPM) should be updated for TPMs that have a vulnerability. | +| 1 | (Enabled) No warning will be displayed if the firmware of the security processor (TPM) should be updated. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DeviceSecurity_DisableTpmFirmwareUpdateWarning | +| Friendly Name | Hide the TPM Firmware Update recommendation. | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Device security | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security | +| Registry Value Name | DisableTpmFirmwareUpdateWarning | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## DisableVirusUI + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisableVirusUI +``` + + + + +Hide the Virus and threat protection area in Windows Security. + +Enabled: +The Virus and threat protection area will be hidden. + +Disabled: +The Virus and threat protection area will be shown. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable) The users can see the display of the virus and threat protection area in Windows Defender Security Center. | +| 1 | (Enable) The users cannot see the display of the virus and threat protection area in Windows Defender Security Center. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | VirusThreatProtection_UILockdown | +| Friendly Name | Hide the Virus and threat protection area | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Virus and threat protection | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection | +| Registry Value Name | UILockdown | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## DisallowExploitProtectionOverride + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride +``` + + + + +Prevent users from making changes to the Exploit protection settings area in Windows Security. + +Enabled: +Local users can not make changes in the Exploit protection settings area. + +Disabled: +Local users are allowed to make changes in the Exploit protection settings area. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable) Local users are allowed to make changes in the exploit protection settings area. | +| 1 | (Enable) Local users cannot make changes in the exploit protection settings area. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | AppBrowserProtection_DisallowExploitProtectionOverride | +| Friendly Name | Prevent users from modifying settings | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > App and browser protection | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection | +| Registry Value Name | DisallowExploitProtectionOverride | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## Email + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/Email +``` + + + + +The email address that is displayed to users.  The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options. Value type is string. Supported operations are Add, Get, Replace and Delete. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | EnterpriseCustomization_Email | +| Friendly Name | Specify contact email address or Email ID | +| Element Name | Email address or email ID | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Enterprise Customization | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## EnableCustomizedToasts + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/EnableCustomizedToasts +``` + + + + +Display specified contact information to local users in Windows Security notifications. + +Enabled: +Your company contact information will be displayed in notifications that come from Windows Security. + +After setting this to Enabled, you must configure the Specify contact company name GP setting and at least one of the following GP settings: +-Specify contact phone number or Skype ID +-Specify contact email number or email ID +-Specify contact website +Please note that in some cases we will be limiting the contact options that are displayed based on the notification space available. + +Disabled: +No contact information will be shown on notifications. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | notification text. | +| 1 | (Enable) Notifications contain the company name and contact options. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | EnterpriseCustomization_EnableCustomizedToasts | +| Friendly Name | Configure customized notifications | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Enterprise Customization | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization | +| Registry Value Name | EnableForToasts | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## EnableInAppCustomization + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/EnableInAppCustomization +``` + + + + +Display specified contact information to local users in a contact card flyout menu in Windows Security + +Enabled: +Your company contact information will be displayed in a flyout menu in Windows Security. + +After setting this to Enabled, you must configure the Specify contact company name GP setting and at least one of the following GP settings: +-Specify contact phone number or Skype ID +-Specify contact email number or email ID +-Specify contact website + +Disabled: +No contact information will be shown in Windows Security. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable) Do not display the company name and contact options in the card fly out notification. | +| 1 | (Enable) Display the company name and contact options in the card fly out notification. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | EnterpriseCustomization_EnableInAppCustomization | +| Friendly Name | Configure customized contact information | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Enterprise Customization | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization | +| Registry Value Name | EnableInApp | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## HideRansomwareDataRecovery + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/HideRansomwareDataRecovery +``` + + + + +Hide the Ransomware data recovery area in Windows Security. + +Enabled: +The Ransomware data recovery area will be hidden. + +Disabled: +The Ransomware data recovery area will be shown. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable or not configured) The Ransomware data recovery area will be visible. | +| 1 | (Enable) The Ransomware data recovery area is hidden. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | VirusThreatProtection_HideRansomwareRecovery | +| Friendly Name | Hide the Ransomware data recovery area | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Virus and threat protection | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection | +| Registry Value Name | HideRansomwareRecovery | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## HideSecureBoot + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/HideSecureBoot +``` + + + + +Hide the Secure boot area in Windows Security. + +Enabled: +The Secure boot area will be hidden. + +Disabled: +The Secure boot area will be shown. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable or not configured) The Secure boot area is displayed. | +| 1 | (Enable) The Secure boot area is hidden. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DeviceSecurity_HideSecureBoot | +| Friendly Name | Hide the Secure boot area | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Device security | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security | +| Registry Value Name | HideSecureBoot | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## HideTPMTroubleshooting + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/HideTPMTroubleshooting +``` + + + + +Hide the Security processor (TPM) troubleshooting area in Windows Security. + +Enabled: +The Security processor (TPM) troubleshooting area will be hidden. + +Disabled: +The Security processor (TPM) troubleshooting area will be shown. + +Not configured: +Same as Disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | (Disable or not configured) The Security processor (TPM) troubleshooting area is displayed. | +| 1 | (Enable) The Security processor (TPM) troubleshooting area is hidden. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DeviceSecurity_HideTPMTroubleshooting | +| Friendly Name | Hide the Security processor (TPM) troubleshooter page | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Device security | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security | +| Registry Value Name | HideTPMTroubleshooting | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + + + + + + + + + +## HideWindowsSecurityNotificationAreaControl + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl +``` + + + + This policy setting hides the Windows Security notification area control. The user needs to either sign out and sign in or reboot the computer for this setting to take effect. -- Enabled: Windows Security notification area control will be hidden. -- Disabled: Windows Security notification area control will be shown. -- Not configured: Same as Disabled. +Enabled: +Windows Security notification area control will be hidden. -Supported values: +Disabled: +Windows Security notification area control will be shown. -- 0 - Disabled (default) -- 1 - Enabled +Not configured: +Same as Disabled. + - - -ADMX Info: -- GP Friendly name: *Hide Windows Security Systray* -- GP name: *Systray_HideSystray* -- GP path: *Windows Components/Windows Security/Systray* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* + + + - - + +**Description framework properties**: - - +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + - - + +**Allowed values**: - - +| Value | Description | +|:--|:--| +| 0 (Default) | | +| 1 | Enabled | + -
+ +**Group policy mapping**: - -**WindowsDefenderSecurityCenter/Phone** +| Name | Value | +|:--|:--| +| Name | Systray_HideSystray | +| Friendly Name | Hide Windows Security Systray | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Systray | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray | +| Registry Value Name | HideSystray | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + - -The table below shows the applicability of Windows: + + + -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + - -
+ +## Phone - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + -> [!div class = "checklist"] -> * Device + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/Phone +``` + -
+ + +The phone number or Skype ID that is displayed to users.  Skype is used to initiate the call. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options. Value type is string. Supported operations are Add, Get, Replace, and Delete. + - - -The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options. + + + -- Supported value type is string. -- Supported operations are Add, Get, Replace, and Delete. + +**Description framework properties**: - - -ADMX Info: -- GP Friendly name: *Specify contact phone number or Skype ID* -- GP name: *EnterpriseCustomization_Phone* -- GP element: *Presentation_EnterpriseCustomization_Phone* -- GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + - - + +**Group policy mapping**: -
+| Name | Value | +|:--|:--| +| Name | EnterpriseCustomization_Phone | +| Friendly Name | Specify contact phone number or Skype ID | +| Element Name | Phone number or Skype ID | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Enterprise Customization | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + - -**WindowsDefenderSecurityCenter/URL** + + + - -The table below shows the applicability of Windows: + -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + +## URL - -
+ +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/URL +``` + -> [!div class = "checklist"] -> * Device + + +The help portal URL this is displayed to users.  The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options. Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete. + -
+ + + - - -The help portal URL that is displayed to users. The default browser is used to initiate this action. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device won't display contact options. + +**Description framework properties**: -- Supported value type is string. -- Supported operations are Add, Get, Replace, and Delete. +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + - - -ADMX Info: -- GP Friendly name: *Specify contact website* -- GP name: *EnterpriseCustomization_URL* -- GP element: *Presentation_EnterpriseCustomization_URL* -- GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization* -- GP ADMX file name: *WindowsDefenderSecurityCenter.admx* + +**Group policy mapping**: - - -
+| Name | Value | +|:--|:--| +| Name | EnterpriseCustomization_URL | +| Friendly Name | Specify contact website | +| Element Name | IT or support website | +| Location | Computer Configuration | +| Path | Windows Components > Windows Security > Enterprise Customization | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization | +| ADMX File Name | WindowsDefenderSecurityCenter.admx | + - + + + -## Related topics + -[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file + + + + + + +## Related articles + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 403b33ba76..3d1e96e1ef 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -1,138 +1,158 @@ --- -title: Policy CSP - WindowsInkWorkspace -description: Learn to use the Policy CSP - WindowsInkWorkspace setting to specify whether to allow the user to access the ink workspace. +title: WindowsInkWorkspace Policy CSP +description: Learn more about the WindowsInkWorkspace Area in Policy CSP +author: vinaypamnani-msft +manager: aaroncz ms.author: vinpa -ms.topic: article +ms.date: 12/07/2022 +ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage -author: vinaypamnani-msft -ms.localizationpriority: medium -ms.date: 09/27/2019 -ms.reviewer: -manager: aaroncz +ms.topic: reference --- + + + # Policy CSP - WindowsInkWorkspace -
+ + + - -## WindowsInkWorkspace policies + +## AllowSuggestedAppsInWindowsInkWorkspace -
-
- WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace -
-
- WindowsInkWorkspace/AllowWindowsInkWorkspace -
-
+ +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | + -
+ +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace +``` + - -**WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace** + + +Allow suggested apps in Windows Ink Workspace + - -The table below shows the applicability of Windows: + + + -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| + +**Description framework properties**: - -
+| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +**Allowed values**: -> [!div class = "checklist"] -> * Device +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + -
+ +**Group policy mapping**: - - -Show recommended app suggestions in the ink workspace. +| Name | Value | +|:--|:--| +| Name | AllowSuggestedAppsInWindowsInkWorkspace | +| Friendly Name | Allow suggested apps in Windows Ink Workspace | +| Location | Computer Configuration | +| Path | Windows Components > Windows Ink Workspace | +| Registry Key Name | Software\Policies\Microsoft\WindowsInkWorkspace | +| Registry Value Name | AllowSuggestedAppsInWindowsInkWorkspace | +| ADMX File Name | WindowsInkWorkspace.admx | + - - -ADMX Info: -- GP Friendly name: *Allow suggested apps in Windows Ink Workspace* -- GP name: *AllowSuggestedAppsInWindowsInkWorkspace* -- GP path: *Windows Components/Windows Ink Workspace* -- GP ADMX file name: *WindowsInkWorkspace.admx* + + + - - -The following list shows the supported values: + -- 0 - app suggestions are not allowed. -- 1 (default) -allow app suggestions. + +## AllowWindowsInkWorkspace - - + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | + -
+ +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsInkWorkspace/AllowWindowsInkWorkspace +``` + - -**WindowsInkWorkspace/AllowWindowsInkWorkspace** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - + + Specifies whether to allow the user to access the ink workspace. + - - -ADMX Info: -- GP Friendly name: *Allow Windows Ink Workspace* -- GP name: *AllowWindowsInkWorkspace* -- GP element: *AllowWindowsInkWorkspaceDropdown* -- GP path: *Windows Components/Windows Ink Workspace* -- GP ADMX file name: *WindowsInkWorkspace.admx* + + + - - -Supported value type is int. The following list shows the supported values: + +**Description framework properties**: -- 0 - access to ink workspace is disabled. The feature is turned off. -- 1 - ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen. -- 2 (default) - ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen. +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 2 | + - - -
+ +**Allowed values**: - +| Value | Description | +|:--|:--| +| 0 | access to ink workspace is disabled. The feature is turned off. | +| 1 | ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen. | +| 2 (Default) | ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen. | + -## Related topics + +**Group policy mapping**: -[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file +| Name | Value | +|:--|:--| +| Name | AllowWindowsInkWorkspace | +| Friendly Name | Allow Windows Ink Workspace | +| Element Name | Choose one of the following actions | +| Location | Computer Configuration | +| Path | Windows Components > Windows Ink Workspace | +| Registry Key Name | Software\Policies\Microsoft\WindowsInkWorkspace | +| ADMX File Name | WindowsInkWorkspace.admx | + + + + + + + + + + + + + + +## Related articles + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index 259cea10dc..8de42485a9 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md 
@@ -1,92 +1,103 @@ --- -title: Policy CSP - WindowsPowerShell -description: Use the Policy CSP - WindowsPowerShell setting to enable logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. +title: WindowsPowerShell Policy CSP +description: Learn more about the WindowsPowerShell Area in Policy CSP +author: vinaypamnani-msft +manager: aaroncz ms.author: vinpa -ms.topic: article +ms.date: 12/07/2022 +ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage -author: vinaypamnani-msft -ms.localizationpriority: medium -ms.date: 09/27/2019 -ms.reviewer: -manager: aaroncz +ms.topic: reference --- + + + # Policy CSP - WindowsPowerShell -
- - -## WindowsPowerShell policies - -
-
- WindowsPowerShell/TurnOnPowerShellScriptBlockLogging -
-
- - -
- - -**WindowsPowerShell/TurnOnPowerShellScriptBlockLogging** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User -> * Device - -
- - - -This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation. - -If you disable this policy setting, logging of PowerShell script input is disabled. - -If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script starts or stops. Enabling Invocation Logging generates a high volume of event logs. - -> [!NOTE] -> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. - - > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). > -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). > > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
- -ADMX Info: -- GP Friendly name: *Turn on PowerShell Script Block Logging* -- GP name: *EnableScriptBlockLogging* -- GP path: *Windows Components/Windows PowerShell* -- GP ADMX file name: *PowerShellExecutionPolicy.admx* + + + - - -
+ +## TurnOnPowerShellScriptBlockLogging - + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | + -## Related topics + +```User +./User/Vendor/MSFT/Policy/Config/WindowsPowerShell/TurnOnPowerShellScriptBlockLogging +``` -[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsPowerShell/TurnOnPowerShellScriptBlockLogging +``` + + + + +This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, +Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through automation. + +If you disable this policy setting, logging of PowerShell script input is disabled. + +If you enable the Script Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script +starts or stops. Enabling Invocation Logging generates a high volume of event logs. + +Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. 
+ + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | chr (string) | +| Access Type | Add, Delete, Get, Replace | + + + +**ADMX mapping**: + +| Name | Value | +|:--|:--| +| Name | EnableScriptBlockLogging | +| Friendly Name | Turn on PowerShell Script Block Logging | +| Location | Computer and User Configuration | +| Path | Windows Components > Windows PowerShell | +| Registry Key Name | Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging | +| Registry Value Name | EnableScriptBlockLogging | +| ADMX File Name | PowerShellExecutionPolicy.admx | + + + + + + + + + + + + + + +## Related articles + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index c6271913c6..aa8978ec78 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -1,465 +1,417 @@ --- -title: Policy CSP - WindowsSandbox -description: Policy CSP - WindowsSandbox +title: WindowsSandbox Policy CSP +description: Learn more about the WindowsSandbox Area in Policy CSP +author: vinaypamnani-msft +manager: aaroncz ms.author: vinpa -ms.topic: article +ms.date: 12/07/2022 +ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage -author: vinaypamnani-msft -ms.localizationpriority: medium -ms.date: 10/14/2020 +ms.topic: reference --- + + + # Policy CSP - WindowsSandbox + + + -
+ +## AllowAudioInput - -## WindowsSandbox policies + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + -
-
- WindowsSandbox/AllowAudioInput -
-
- WindowsSandbox/AllowClipboardRedirection -
-
- WindowsSandbox/AllowNetworking -
-
- WindowsSandbox/AllowPrinterRedirection -
-
- WindowsSandbox/AllowVGPU -
-
- WindowsSandbox/AllowVideoInput -
-
+ +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsSandbox/AllowAudioInput +``` + -
+ + +This policy setting enables or disables audio input to the Sandbox. - -**WindowsSandbox/AllowAudioInput** +If you enable this policy setting, Windows Sandbox will be able to receive audio input from the user. Applications using a microphone may require this setting. -Available in the latest Windows 10 insider preview build. +If you disable this policy setting, Windows Sandbox will not be able to receive audio input from the user. Applications using a microphone may not function properly with this setting. - -The table below shows the applicability of Windows: +If you do not configure this policy setting, audio input will be enabled. -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|No|No| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows the IT admin to enable or disable audio input to the Sandbox. - -> [!NOTE] -> There may be security implications of exposing host audio input to the container. - -If this policy isn't configured, end-users get the default behavior (audio input enabled). - -If audio input is disabled, a user won't be able to enable audio input from their own configuration file. - -If audio input is enabled, a user will be able to disable audio input from their own configuration file to make the device more secure. +Note that there may be security implications of exposing host audio input to the container. + + + > [!NOTE] > You must restart Windows Sandbox for any changes to this policy setting to take effect. + - - -ADMX Info: + +**Description framework properties**: -- GP Friendly name: *Allow audio input in Windows Sandbox* -- GP name: *AllowAudioInput* -- GP path: *Windows Components/Windows Sandbox* -- GP ADMX file name: *WindowsSandbox.admx* +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-1]` | +| Default Value | 1 | + - - -The following are the supported values: + +**Group policy mapping**: -- 0 - Disabled -- 1 (default) - Enabled +| Name | Value | +|:--|:--| +| Name | AllowAudioInput | +| Friendly Name | Allow audio input in Windows Sandbox | +| Location | Computer Configuration | +| Path | Windows Components > Windows Sandbox | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Sandbox | +| Registry Value Name | AllowAudioInput | +| ADMX File Name | WindowsSandbox.admx | + - - + + + - - + - - + +## AllowClipboardRedirection -
+ +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsSandbox/AllowClipboardRedirection +``` + - -**WindowsSandbox/AllowClipboardRedirection** + + +This policy setting enables or disables clipboard sharing with the sandbox. -Available in the latest Windows 10 insider preview build. +If you enable this policy setting, copy and paste between the host and Windows Sandbox are permitted. - -The table below shows the applicability of Windows: +If you disable this policy setting, copy and paste in and out of Sandbox will be restricted. -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|No|No| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows the IT admin to enable or disable sharing of the host clipboard with the sandbox. - -If this policy isn't configured, end-users get the default behavior (clipboard redirection enabled). - -If clipboard sharing is disabled, a user won't be able to enable clipboard sharing from their own configuration file. - -If clipboard sharing is enabled, a user will be able to disable clipboard sharing from their own configuration file to make the device more secure. +If you do not configure this policy setting, clipboard sharing will be enabled. + + + > [!NOTE] > You must restart Windows Sandbox for any changes to this policy setting to take effect. + - - -ADMX Info: + +**Description framework properties**: -- GP Friendly name: *Allow clipboard sharing with Windows Sandbox* -- GP name: *AllowClipboardRedirection* -- GP path: *Windows Components/Windows Sandbox* -- GP ADMX file name: *WindowsSandbox.admx* +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-1]` | +| Default Value | 1 | + - - -The following are the supported values: + +**Group policy mapping**: -- 0 - Disabled -- 1 (default) - Enabled +| Name | Value | +|:--|:--| +| Name | AllowClipboardRedirection | +| Friendly Name | Allow clipboard sharing with Windows Sandbox | +| Location | Computer Configuration | +| Path | Windows Components > Windows Sandbox | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Sandbox | +| Registry Value Name | AllowClipboardRedirection | +| ADMX File Name | WindowsSandbox.admx | + + + + - - + - - + +## AllowNetworking - - + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + -
+ +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsSandbox/AllowNetworking +``` + - -**WindowsSandbox/AllowNetworking** + + +This policy setting enables or disables networking in the sandbox. You can disable network access to decrease the attack surface exposed by the sandbox. -Available in the latest Windows 10 insider preview build. +If you enable this policy setting, networking is done by creating a virtual switch on the host, and connects the Windows Sandbox to it via a virtual NIC. - -The table below shows the applicability of Windows: +If you disable this policy setting, networking is disabled in Windows Sandbox. -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|No|No| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| +If you do not configure this policy setting, networking will be enabled. - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows the IT admin to enable or disable networking in Windows Sandbox. Disabling network access can decrease the attack surface exposed by the Sandbox. Enabling networking can expose untrusted applications to the internal network. - -If this policy isn't configured, end-users get the default behavior (networking enabled). - -If networking is disabled, a user won't be able to enable networking from their own configuration file. - -If networking is enabled, a user will be able to disable networking from their own configuration file to make the device more secure. +Note that enabling networking can expose untrusted applications to the internal network. + + + > [!NOTE] > You must restart Windows Sandbox for any changes to this policy setting to take effect. + - - -ADMX Info: + +**Description framework properties**: -- GP Friendly name: *Allow networking in Windows Sandbox* -- GP name: *AllowNetworking* -- GP path: *Windows Components/Windows Sandbox* -- GP ADMX file name: *WindowsSandbox.admx* +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-1]` | +| Default Value | 1 | + - - -The following are the supported values: -- 0 - Disabled -- 1 (default) - Enabled + +**Group policy mapping**: - - +| Name | Value | +|:--|:--| +| Name | AllowNetworking | +| Friendly Name | Allow networking in Windows Sandbox | +| Location | Computer Configuration | +| Path | Windows Components > Windows Sandbox | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Sandbox | +| Registry Value Name | AllowNetworking | +| ADMX File Name | WindowsSandbox.admx | + - - + + + - - + -
+ +## AllowPrinterRedirection - -**WindowsSandbox/AllowPrinterRedirection** + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + -Available in the latest Windows 10 insider preview build. + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsSandbox/AllowPrinterRedirection +``` + - -The table below shows the applicability of Windows: + + +This policy setting enables or disables printer sharing from the host into the Sandbox. -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|No|No| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| +If you enable this policy setting, host printers will be shared into Windows Sandbox. - -
+If you disable this policy setting, Windows Sandbox will not be able to view printers from the host. - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows the IT admin to enable or disable printer sharing from the host into the Sandbox. - -If this policy isn't configured, end-users get the default behavior (printer sharing disabled). - -If printer sharing is disabled, a user won't be able to enable printer sharing from their own configuration file. - -If printer sharing is enabled, a user will be able to disable printer sharing from their own configuration file to make the device more secure. +If you do not configure this policy setting, printer redirection will be disabled. + + + > [!NOTE] > You must restart Windows Sandbox for any changes to this policy setting to take effect. + - - -ADMX Info: + +**Description framework properties**: -- GP Friendly name: *Allow printer sharing with Windows Sandbox* -- GP name: *AllowPrinterRedirection* -- GP path: *Windows Components/Windows Sandbox* -- GP ADMX file name: *WindowsSandbox.admx* +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-1]` | +| Default Value | 1 | + - - -The following are the supported values: + +**Group policy mapping**: -- 0 - Disabled -- 1 (default) - Enabled +| Name | Value | +|:--|:--| +| Name | AllowPrinterRedirection | +| Friendly Name | Allow printer sharing with Windows Sandbox | +| Location | Computer Configuration | +| Path | Windows Components > Windows Sandbox | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Sandbox | +| Registry Value Name | AllowPrinterRedirection | +| ADMX File Name | WindowsSandbox.admx | + - - + + + - - + - - + +## AllowVGPU -
+ +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + - -**WindowsSandbox/AllowVGPU** + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsSandbox/AllowVGPU +``` + -Available in the latest Windows 10 insider preview build. + + +This policy setting is to enable or disable the virtualized GPU. - -The table below shows the applicability of Windows: +If you enable this policy setting, vGPU will be supported in the Windows Sandbox. -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|No|No| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| +If you disable this policy setting, Windows Sandbox will use software rendering, which can be slower than virtualized GPU. - -
+If you do not configure this policy setting, vGPU will be enabled. - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows the IT admin to enable or disable virtualized GPU for Windows Sandbox. - -> [!NOTE] -> Enabling virtualized GPU can potentially increase the attack surface of Windows Sandbox. - -If this policy isn't configured, end-users get the default behavior (vGPU is disabled). - -If vGPU is disabled, a user won't be able to enable vGPU support from their own configuration file. - -If vGPU is enabled, a user will be able to disable vGPU support from their own configuration file to make the device more secure. +Note that enabling virtualized GPU can potentially increase the attack surface of the sandbox. + + + > [!NOTE] > You must restart Windows Sandbox for any changes to this policy setting to take effect. + - - -ADMX Info: + +**Description framework properties**: -- GP Friendly name: *Allow vGPU sharing for Windows Sandbox* -- GP name: *AllowVGPU* -- GP path: *Windows Components/Windows Sandbox* -- GP ADMX file name: *WindowsSandbox.admx* +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-1]` | +| Default Value | 1 | + - - -The following are the supported values: + +**Group policy mapping**: -- 0 (default) - Disabled -- 1 - Enabled +| Name | Value | +|:--|:--| +| Name | AllowVGPU | +| Friendly Name | Allow vGPU sharing for Windows Sandbox | +| Location | Computer Configuration | +| Path | Windows Components > Windows Sandbox | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Sandbox | +| Registry Value Name | AllowVGPU | +| ADMX File Name | WindowsSandbox.admx | + - - + + + - - + - - + +## AllowVideoInput -
+ +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + - -**WindowsSandbox/AllowVideoInput** + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsSandbox/AllowVideoInput +``` + -Available in the latest Windows 10 insider preview build. + + +This policy setting enables or disables video input to the Sandbox. - -The table below shows the applicability of Windows: +If you enable this policy setting, video input is enabled in Windows Sandbox. -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|No|No| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| +If you disable this policy setting, video input is disabled in Windows Sandbox. Applications using video input may not function properly in Windows Sandbox. - -
+If you do not configure this policy setting, video input will be disabled. Applications that use video input may not function properly in Windows Sandbox. - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows the IT admin to enable or disable video input to the Sandbox. - -> [!NOTE] -> There may be security implications of exposing host video input to the container. - -If this policy isn't configured, users get the default behavior (video input disabled). - -If video input is disabled, users won't be able to enable video input from their own configuration file. - -If video input is enabled, users will be able to disable video input from their own configuration file to make the device more secure. +Note that there may be security implications of exposing host video input to the container. + + + > [!NOTE] > You must restart Windows Sandbox for any changes to this policy setting to take effect. + - - -ADMX Info: -- GP Friendly name: *Allow video input in Windows Sandbox* -- GP name: *AllowVideoInput* -- GP path: *Windows Components/Windows Sandbox* -- GP ADMX file name: *WindowsSandbox.admx* + +**Description framework properties**: - - -The following are the supported values: +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-1]` | +| Default Value | 1 | + -- 0 (default) - Disabled -- 1 - Enabled + +**Group policy mapping**: - - +| Name | Value | +|:--|:--| +| Name | AllowVideoInput | +| Friendly Name | Allow video input in Windows Sandbox | +| Location | Computer Configuration | +| Path | Windows Components > Windows Sandbox | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Sandbox | +| Registry Value Name | AllowVideoInput | +| ADMX File Name | WindowsSandbox.admx | + - - + + + - - + -
+ + + - + -## Related topics +## Related articles -[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 854f98de60..7e12e9fd78 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -1,468 +1,613 @@ --- -title: Policy CSP - WirelessDisplay -description: Use the Policy CSP - WirelessDisplay setting to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. +title: WirelessDisplay Policy CSP +description: Learn more about the WirelessDisplay Area in Policy CSP +author: vinaypamnani-msft +manager: aaroncz ms.author: vinpa -ms.topic: article +ms.date: 12/07/2022 +ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage -author: vinaypamnani-msft -ms.localizationpriority: medium -ms.date: 09/27/2019 -ms.reviewer: -manager: aaroncz +ms.topic: reference --- + + + # Policy CSP - WirelessDisplay -
- - -## WirelessDisplay policies - -
-
- WirelessDisplay/AllowMdnsAdvertisement -
-
- WirelessDisplay/AllowMdnsDiscovery -
-
- WirelessDisplay/AllowMovementDetectionOnInfrastructure -
-
- WirelessDisplay/AllowProjectionFromPC -
-
- WirelessDisplay/AllowProjectionFromPCOverInfrastructure -
-
- WirelessDisplay/AllowProjectionToPC -
-
- WirelessDisplay/AllowProjectionToPCOverInfrastructure -
-
- WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver -
-
- WirelessDisplay/RequirePinForPairing -
-
- - -
- - -**WirelessDisplay/AllowMdnsAdvertisement** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
+ + + + + +## AllowMdnsAdvertisement + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WirelessDisplay/AllowMdnsAdvertisement +``` + + + + +This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + + + + + + + + +## AllowMdnsDiscovery + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WirelessDisplay/AllowMdnsDiscovery +``` + + + + +This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + + + + + + + + +## AllowMovementDetectionOnInfrastructure + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WirelessDisplay/AllowMovementDetectionOnInfrastructure +``` + + + + +This policy setting allows you to disable the infrastructure movement detection feature. If you set it to 0, your PC may stay connected and continue to project if you walk away from a Wireless Display receiver to which you are projecting over infrastructure. If you set it to 1, your PC will detect that you have moved and will automatically disconnect your infrastructure Wireless Display session. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + + + + + + + + +## AllowPCReceiverToBeTCPServer + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WirelessDisplay/AllowPCReceiverToBeTCPServer +``` + + + + +This policy setting allows a PC acting as a Wireless Display receiver to be a TCP server for the TCP session carrying the projection stream to the receiver. If you set it to 0, your PC receiver will start the outbound connection as a TCP client. If you set it to 1, your PC may receive the incoming projection as a TCP server. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + + + + + + + + +## AllowPCSenderToBeTCPClient + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WirelessDisplay/AllowPCSenderToBeTCPClient +``` + + + + +This policy setting allows a PC acting as a Wireless Display sender to be a TCP client for the TCP session carrying the projection stream to the receiver. If you set it to 0, your PC will only participate in an outgoing projection as a TCP server. If you set it to 1, your PC may start an outgoing projection as a TCP client. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + + + + + + + + +## AllowProjectionFromPC + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WirelessDisplay/AllowProjectionFromPC +``` + + + + +This policy allows you to turn off projection from a PC. If you set it to 0, your PC cannot discover or project to other devices. If you set it to 1, your PC can discover and project to other devices. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + - -[Scope](./policy-configuration-service-provider.md#policy-scope): + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Your PC cannot discover or project to other devices. | +| 1 (Default) | Your PC can discover and project to other devices. | + -> [!div class = "checklist"] -> * Device + + + + + -
+ +## AllowProjectionFromPCOverInfrastructure + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WirelessDisplay/AllowProjectionFromPCOverInfrastructure +``` + + + + +This policy allows you to turn off projection from a PC over infrastructure. If you set it to 0, your PC cannot discover or project to other infrastructure devices, though it may still be possible to discover and project over WiFi Direct. If you set it to 1, your PC can discover and project to other devices over infrastructure. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Your PC cannot discover or project to other infrastructure devices, although it is possible to discover and project over WiFi Direct. | +| 1 (Default) | Your PC can discover and project to other devices over infrastructure. | + + + + + + + + + +## AllowProjectionToPC + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WirelessDisplay/AllowProjectionToPC +``` + + + + +This policy setting allows you to turn off projection to a PC. + + + +If you turn it on, your PC isn't discoverable and can't be projected to except if the user manually launches the Wireless Display app. + + + +If you turn it off or don't configure it, your PC is discoverable and can be projected to above lock screen only. The user has an option to turn it always on or off except for manual launch, too. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Projection to PC is not allowed. Always off and the user cannot enable it. | +| 1 (Default) | Projection to PC is allowed. Enabled only above the lock screen. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | AllowProjectionToPC | +| Friendly Name | Don't allow this PC to be projected to | +| Location | Computer Configuration | +| Path | Windows Components > Connect | +| Registry Key Name | Software\Policies\Microsoft\Windows\Connect | +| Registry Value Name | AllowProjectionToPC | +| ADMX File Name | WirelessDisplay.admx | + + + + + + + + + +## AllowProjectionToPCOverInfrastructure + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WirelessDisplay/AllowProjectionToPCOverInfrastructure +``` + + + + +This policy setting allows you to turn off projection to a PC over infrastructure. If you set it to 0, your PC cannot be discoverable and can't be projected to over infrastructure, though it may still be possible to project over WiFi Direct. If you set it to 1, your PC can be discoverable and can be projected to over infrastructure. + + + + + - - -This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement. + +**Description framework properties**: - - -The following list shows the supported values: +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Your PC is not discoverable and other devices cannot project to it over infrastructure, although it is possible to project to it over WiFi Direct. | +| 1 (Default) | Your PC is discoverable and other devices can project to it over infrastructure. | + -- 0 - Don't allow -- 1 - Allow + + + + + + + +## AllowUserInputFromWirelessDisplayReceiver + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver +``` + + + + +Setting this policy controls whether or not the wireless display can send input—keyboard, mouse, pen, and touch input if the display supports it—back to the source device. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Wireless display input disabled. | +| 1 (Default) | Wireless display input enabled. | + + + + + + + + + +## RequirePinForPairing + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WirelessDisplay/RequirePinForPairing +``` + + + + +This policy setting allows you to require a pin for pairing. + +If you set this to 'Never', a pin isn't required for pairing. + +If you set this to 'First Time', the pairing ceremony for new devices will always require a PIN. + +If you set this to 'Always', all pairings will require PIN. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | PIN is not required. | +| 1 | Pairing ceremony for new devices will always require a PIN | +| 2 | All pairings will require PIN | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | RequirePinForPairing | +| Friendly Name | Require pin for pairing | +| Location | Computer Configuration | +| Path | Windows Components > Connect | +| Registry Key Name | Software\Policies\Microsoft\Windows\Connect | +| Registry Value Name | RequirePinForPairing | +| ADMX File Name | WirelessDisplay.admx | + + + + + + + - - + + + -
+ + +## Related articles - -**WirelessDisplay/AllowMdnsDiscovery** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery. - - - -The following list shows the supported values: - -- 0 - Doesn't allow -- 1 - Allow - - - - -
- - -**WirelessDisplay/AllowMovementDetectionOnInfrastructure** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows you to disable the infrastructure movement detection feature. - -- If you set it to 0, your PC may stay connected and continue to project if you walk away from a Wireless Display receiver to which you are projecting over infrastructure. - -- If you set it to 1, your PC will detect that you have moved and will automatically disconnect your infrastructure Wireless Display session. - -The default value is 1. - - - - -The following list shows the supported values: - -- 0 - Doesn't allow -- 1 (Default) - Allow - - - - -
- - -**WirelessDisplay/AllowProjectionFromPC** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy allows you to turn off projection from a PC. - - - -The following list shows the supported values: - -- 0 - your PC can't discover or project to other devices. -- 1 - your PC can discover and project to other devices - - - - -
- - -**WirelessDisplay/AllowProjectionFromPCOverInfrastructure** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy allows you to turn off projection from a PC over infrastructure. - - - -The following list shows the supported values: - -- 0 - your PC can't discover or project to other infrastructure devices, although it's possible to discover and project over WiFi Direct. -- 1 - your PC can discover and project to other devices over infrastructure. - - - - -
- - -**WirelessDisplay/AllowProjectionToPC** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Allow or disallow turning off the projection to a PC. - -If you set it to 0 (zero), your PC isn't discoverable and you can't project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**. - -Supported value type is integer. - - - -ADMX Info: -- GP Friendly name: *Don't allow this PC to be projected to* -- GP name: *AllowProjectionToPC* -- GP path: *Windows Components/Connect* -- GP ADMX file name: *WirelessDisplay.admx* - - - -The following list shows the supported values: - -- 0 - projection to PC isn't allowed. Always off and the user can't enable it. -- 1 (default) - projection to PC is allowed. Enabled only above the lock screen. - - - - -
- - -**WirelessDisplay/AllowProjectionToPCOverInfrastructure** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting allows you to turn off projection to a PC over infrastructure. - - - -The following list shows the supported values: - -- 0 - your PC isn't discoverable and other devices can't project to it over infrastructure, although it's possible to project to it over WiFi Direct. -- 1 - your PC is discoverable and other devices can project to it over infrastructure. - - - - -
- - -**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Setting this policy controls whether or not the wireless display can send input—keyboard, mouse, pen, and touch input if the display supports it—back to the source device. - - - -The following list shows the supported values: - -- 0 - Wireless display input disabled. -- 1 (default) - Wireless display input enabled. - - - - -
- - -**WirelessDisplay/RequirePinForPairing** - - -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Windows SE|No|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Allow or disallow requirement for a PIN for pairing. - -If you turn on this policy, the pairing ceremony for new devices will always require a PIN. If you turn off this policy or don't configure it, a PIN isn't required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**. - -Supported value type is integer. - - - -ADMX Info: -- GP Friendly name: *Require pin for pairing* -- GP name: *RequirePinForPairing* -- GP path: *Windows Components/Connect* -- GP ADMX file name: *WirelessDisplay.admx* - - - -The following list shows the supported values: - -- 0 (default) - PIN isn't required. -- 1 - PIN is required. - - - -
- - - -CSP Article: - -## Related topics -[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index d1d4e1f569..658f2a7a2c 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -502,6 +502,8 @@ items: href: policy-csp-settings.md - name: SettingsSync href: policy-csp-settingssync.md + - name: SmartScreen + href: policy-csp-smartscreen.md - name: Speech href: policy-csp-speech.md - name: Start @@ -544,8 +546,6 @@ items: href: policy-csp-windowsconnectionmanager.md - name: WindowsDefenderSecurityCenter href: policy-csp-windowsdefendersecuritycenter.md - - name: WindowsDefenderSmartScreen - href: policy-csp-smartscreen.md - name: WindowsInkWorkspace href: policy-csp-windowsinkworkspace.md - name: WindowsLogon
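Review bot: The default value is not documented for half of the WirelessDisplay policies in the removed text: the mDNS discovery setting at the top of this span, AllowProjectionFromPC, AllowProjectionFromPCOverInfrastructure and AllowProjectionToPCOverInfrastructure list only 0 and 1, while AllowMovementDetectionOnInfrastructure, AllowProjectionToPC, AllowUserInputFromWirelessDisplayReceiver and RequirePinForPairing each mark a default. The text that replaces these lines should state the default for every policy, since an administrator auditing projection exposure needs to know what an unconfigured device does. Separately, AllowProjectionToPC pairs the GP friendly name "Don't allow this PC to be projected to" with a CSP value where 1 means projection is allowed, and its opening sentence ("Allow or disallow turning off the projection to a PC") does not resolve the inversion. The replacement should say explicitly which CSP value corresponds to the enabled Group Policy setting.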
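Review bot: In the toc.yml hunks the entry for policy-csp-smartscreen.md is renamed from WindowsDefenderSmartScreen to SmartScreen and moved from the W block to between SettingsSync and Speech, but the visible lines do not show the matching rename anywhere else. Please confirm that the policy area heading inside policy-csp-smartscreen.md and the index articles touched earlier in this patch use the same name, so that a reader who looks for the old name under W still has a way to find the page. The alphabetical placement of the new entry looks correct.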